An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
References
History

Tue, 26 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-29T00:00:00

Updated: 2024-11-26T19:37:48.675Z

Reserved: 2023-06-29T00:00:00

Link: CVE-2023-37251

cve-icon Vulnrichment

Updated: 2024-08-02T17:09:33.307Z

cve-icon NVD

Status : Modified

Published: 2023-06-29T16:15:09.947

Modified: 2024-11-21T08:11:18.753

Link: CVE-2023-37251

cve-icon Redhat

No data.