Description

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

Remediation

References

CVE-2015-8628

Related Vulnerabilities

Jboss EAP CVE-2012-4529 Vulnerability (CVE-2012-4529)

PHP Resource Management Errors Vulnerability (CVE-2010-2093)

Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)

MySQL CVE-2020-2765 Vulnerability (CVE-2020-2765)

WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)

Severity

Medium

Classification

CVE-2015-8628 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities