Description
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-6495 Vulnerability (CVE-2014-6495)
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.3)
WebLogic CVE-2020-14883 Vulnerability (CVE-2020-14883)
WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.2)
WordPress Plugin Live Chat Unlimited Cross-Site Scripting (2.8.3)