Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Remediation
References
Related Vulnerabilities
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16397)
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)
PostgreSQL Other Vulnerability (CVE-2002-0802)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1581)