Description
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.
Remediation
References
Related Vulnerabilities
Joomla Improper Preservation of Permissions Vulnerability (CVE-2020-13763)
WordPress Plugin Product Import Export for WooCommerce Cross-Site Request Forgery (1.7.4)
WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting (1.2.5)
WordPress Plugin Starfish Review Generation & Marketing for WordPress Security Bypass (2.0.0)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (5.5.0)