Description
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not properly sanitized, which allowed the injection and execution of HTML and JavaScript via the setchange log.
Remediation
References