Mediawiki : Security Vulnerabilities, CVEs, Published In 2015 (CSRF) CVSS score >= 2

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
Max CVSS
7.5
EPSS Score
0.41%
Published
2015-09-01
Updated
2016-12-07

CVE-2015-2940

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.32%
Published
2015-04-13
Updated
2016-12-07

CVE-2014-9276

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.
Max CVSS
5.1
EPSS Score
0.14%
Published
2015-01-04
Updated
2015-01-06
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close