Description
Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2924 Vulnerability (CVE-2020-2924)
WordPress Plugin YITH WooCommerce Request A Quote Security Bypass (1.4.7)
WordPress Plugin CiviCRM Remote Code Execution (5.24.2)
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)
WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6)