An issue exists in the Cargo extension for MediaWiki up to and including 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |