Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

Remediation

References

CVE-2016-6332

Related Vulnerabilities

WordPress Plugin McAvoy Cross-Site Scripting (0.1.0)

TYPO3 Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-9508)

WordPress 2.2.1 Multiple Vulnerabilities (2.2.1)

WordPress Plugin job-portal Cross-Site Scripting (0.0.1)

WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.4.4)

Severity

High

Classification

CVE-2016-6332 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities