Description
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2014-2403 Vulnerability (CVE-2014-2403)
Oracle JRE CVE-2013-0445 Vulnerability (CVE-2013-0445)
WordPress Plugin WP Jobs Cross-Site Scripting (1.6)
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
WordPress Plugin Forym-Modern Discussion Forum for Wordpress-Forums Cross-Site Scripting (1.5.8)