Description
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
Remediation
References
Related Vulnerabilities
Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)
Django Improper Input Validation Vulnerability (CVE-2012-3443)
WordPress Plugin More Fields Cross-Site Request Forgery (2.1)
WordPress 6.2 Multiple Vulnerabilities (6.2)
WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (4.0.3)