Description
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2019-2547 Vulnerability (CVE-2019-2547)
WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)
Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-38002)
WordPress Plugin LittleBot ACH for Stripe + Plaid Unspecified Vulnerability (1.2.6)
WordPress Plugin WPGlobus-Multilingual Everything! Multiple Vulnerabilities (1.9.6)