Description

The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.

Remediation

References

CVE-2012-1579

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17660)

concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)

WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Cross-Site Scripting (2.1.4)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.21)

WordPress Plugin Ticketrilla:Client PHP Object Injection (1.0.1)

Severity

Medium

Classification

CVE-2012-1579 CWE-200

Tags

Missing Update Known Vulnerabilities