Description
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
Remediation
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)
Dotclear Improper Access Control Vulnerability (CVE-2015-8832)
WordPress Plugin Age Gate Security Bypass (2.17.0)
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-17359)
WordPress Plugin Easy Testimonials Cross-Site Request Forgery (3.6.1)