CVE-2014-9478 in MediaWiki
摘要
由 MITRE
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.