Description

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

Remediation

References

CVE-2013-6472

Related Vulnerabilities

WordPress Plugin Nested Pages Cross-Site Scripting (1.6.5.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3757)

WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48707)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2022-1343)

Severity

Medium

Classification

CVE-2013-6472 CWE-200

Tags

Missing Update Known Vulnerabilities