Description
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
Remediation
References
Related Vulnerabilities
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4415)
MySQL CVE-2016-5627 Vulnerability (CVE-2016-5627)
WordPress Plugin WordPress Landing Pages Cross-Site Scripting (1.8.7)
OpenSSL Improper Input Validation Vulnerability (CVE-2015-0293)
WordPress Plugin WP Maintenance Mode Multiple Vulnerabilities (2.0.3)