Описание
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-10959
- https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
- https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
- https://phabricator.wikimedia.org/T232932
- https://phabricator.wikimedia.org/T240393
Пакеты
mediawiki/core
< 1.34.0-rc.0
1.34.0-rc.0
Связанные уязвимости
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...