Wikimedia · MediaWiki · CVE-2017-0363
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions prior to 1.28.1
MediaWiki versions prior to 1.27.2
MediaWiki versions prior to 1.23.16
**Description**
The Special:UserLogin page can redirect users to external sites when the returnto parameter is set to an interwiki link, such as "interwiki:foo".
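A log check for the request shape described above, as an added example (not MediaWiki code and not part of the original advisory). The prefix set, the log lines and the function names are constructed assumptions; localized aliases of the login page are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: fill this from the wiki's own interwiki table; constructed values.
INTERWIKI_PREFIXES = {"interwiki", "wikipedia", "commons"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2017:10:00:00 +0000] "GET /index.php?title=Special:UserLogin&returnto=interwiki:foo HTTP/1.1" 200 5120',
    '203.0.113.6 - - [01/May/2017:10:00:05 +0000] "GET /index.php?title=Special:UserLogin&returnto=Talk:Main_Page HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/May/2017:10:00:09 +0000] "GET /wiki/Special:UserLogin?returnto=Wikipedia%3AFoo HTTP/1.1" 200 5120',
    '203.0.113.8 - - [01/May/2017:10:00:12 +0000] "GET /wiki/Main_Page?returnto=interwiki:foo HTTP/1.1" 200 7340',
]

def interwiki_returnto(request_target, prefixes=INTERWIKI_PREFIXES):
    """Return the interwiki prefix carried in returnto on a Special:UserLogin
    request, or None when the request does not match."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query, keep_blank_values=True)
    # The page title is either the last path segment or the title= parameter.
    titles = [unquote(parts.path).rsplit("/", 1)[-1]] + query.get("title", [])
    if not any(t.replace(" ", "_").lower() == "special:userlogin" for t in titles):
        return None
    for value in query.get("returnto", []):
        prefix, sep, _rest = value.strip().lstrip(":").partition(":")
        # A colon alone is not enough: "Talk:Main_Page" is a local namespace,
        # so only prefixes present in the interwiki table are reported.
        if sep and prefix.strip().lower() in prefixes:
            return prefix.strip().lower()
    return None

def scan(lines, prefixes=INTERWIKI_PREFIXES):
    """Return (line_number, prefix) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            prefix = interwiki_returnto(match.group(1), prefixes)
            if prefix:
                hits.append((number, prefix))
    return hits

if __name__ == "__main__":
    for number, prefix in scan(SAMPLE_LOG):
        print(f"line {number}: returnto uses interwiki prefix {prefix!r}")
```

Hits on a patched wiki are still worth reviewing, since they show links built to use the login page as a redirector.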
**Recommendations**
For versions prior to 1.28.1, update to version 1.28.1 or later.
For versions prior to 1.27.2, update to version 1.27.2 or later.
For versions prior to 1.23.16, update to version 1.23.16 or later.