Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

Remediation

References

CVE-2017-0362

Related Vulnerabilities

Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845)

WordPress Plugin Oi Yandex.Maps for WordPress Cross-Site Scripting (3.2.7)

MySQL CVE-2015-4761 Vulnerability (CVE-2015-4761)

WordPress Plugin WordPress Button Plugin MaxButtons Cross-Site Scripting (1.26.0)

WordPress Plugin Captcha Backdoor (4.4.4)

Severity

High

Classification

CVE-2017-0362 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities