mediawiki is vulnerable to open redirection. Having duplicate DOM query in the resources/src/mediawiki.page.ready/ready.js
on a logout click allows an attacker to force a logout and external redirection of the usere using HTML content in a MediaWiki page.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki/core | le | 1.34.0 |