Vulnerability CVE-2023-37251


Published: 2023-06-29

Description:
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.

 References:
https://phabricator.wikimedia.org/T333980

Copyright 2026, cxsecurity.com

 

Back to Top