CVE-2018-25089

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 28, 2023

Updated: May 17, 2024

CWE ID 1022

Summary

CVE-2018-25089 is a vulnerability identified in the glb Meetup Tag Extension 0.1 component of MediaWiki. This issue is considered problematic due to the manipulation of the Link Attribute Handler, leading to the use of a web link directing to an untrusted target with window.opener access. Upgrading to version 0.2 is the recommended solution to address this issue, with the patch identifier being 850c726d6bbfe0bf270801fbb92a30babea4155c. MediaWiki users are urged to upgrade the affected component as soon as possible, with the vulnerability also being assigned the identifier VDB-238157.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GL B

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sd8qzB
https://www.cve.org/CVERecord?id=CVE-2018-25089
https://nvd.nist.gov/vuln/detail/CVE-2018-25089

Back to Vulnerability Database

CVE-2018-25089

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations