Description
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
Remediation
References
Related Vulnerabilities
Grafana Improper Authentication Vulnerability (CVE-2021-39226)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4298)
Oracle JRE CVE-2023-22044 Vulnerability (CVE-2023-22044)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-1686)