6.1
CVSSv3

CVE-2023-37251

Published: 29/06/2023 Updated: 06/07/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An issue exists in the GoogleAnalyticsMetrics extension for MediaWiki up to and including 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.

Vulnerable Product Search on Vulmon Subscribe to Product

mediawiki mediawiki