Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.
Remediation
References
Related Vulnerabilities
WordPress Improper Privilege Management Vulnerability (CVE-2020-28036)
WordPress Plugin Contact Form 7 Security Bypass (4.1)
WordPress Plugin Print-O-Matic Cross-Site Scripting (2.1.7)
WordPress Plugin MetaSlider Information Disclosure (3.3.1)
XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)