Description

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

Remediation

References

CVE-2012-1579

Related Vulnerabilities

WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)

Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)

XWiki Missing Authentication for Critical Function Vulnerability (CVE-2022-24820)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2011-1928)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-32931)

Severity

Medium

Classification

CVE-2012-1579 CWE-200

Tags

Missing Update Known Vulnerabilities