resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mediawiki/core(Packagist) | 0 | 1.34.0-rc.0 | N/A |
CVSS Metrics
