An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
{ "cpes": [ "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" ], "severity": "Medium" }