An issue exists in the Widgets extension up to and including 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
widgets project widgets |