Launchpad.net

CVE 2020-10959

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

See the CVE page on Mitre.org for more details.