Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
Remediation
References
Related Vulnerabilities
WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)
WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)
WordPress Plugin Gallery Categories by BestWebSoft Cross-Site Scripting (1.0.8)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9015)