An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-29T00:00:00

Updated: 2024-08-02T17:09:33.307Z

Reserved: 2023-06-29T00:00:00

Link: CVE-2023-37251

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-06-29T16:15:09.947

Modified: 2023-07-06T18:45:16.053

Link: CVE-2023-37251

cve-icon Redhat

No data.