Description
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Team Members Cross-Site Scripting (5.2.0)
WordPress Plugin Scoutnet Kalender Cross-Site Scripting (1.1.0)
ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)
Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)
WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2)