An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
References
Link | Providers |
---|---|
https://phabricator.wikimedia.org/T333980 | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-29T00:00:00
Updated: 2024-08-02T17:09:33.307Z
Reserved: 2023-06-29T00:00:00
Link: CVE-2023-37251
NVD
Status: Analyzed
Published: 2023-06-29T16:15:09.947
Modified: 2023-07-06T18:45:16.053
Link: CVE-2023-37251