Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

Remediation

References

CVE-2017-0362

Related Vulnerabilities

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7861)

Java Unspesificed Vulnerability (CVE-2019-2818)

WordPress Plugin WP OAuth Server (OAuth Authentication) Security Bypass (3.1.4)

WordPress Plugin Wordpress Countdown Widget Cross-Site Scripting (3.1.9.2)

Severity

High

Classification

CVE-2017-0362 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities