Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.

Remediation

References

CVE-2021-31549

Related Vulnerabilities

WordPress Plugin Forms:3rd-Party Inject Results Cross-Site Scripting (0.2)

WordPress Plugin Post Custom Templates Lite Cross-Site Scripting (1.6)

WordPress Plugin Quick Restaurant Menu Multiple Vulnerabilities (2.0.2)

Oracle Database Server Other Vulnerability (CVE-2005-3440)

WordPress Plugin Question and Answer Forum 'title' Variable Cross-Site Scripting (1.2.4)

Severity

Medium

Classification

CVE-2021-31549 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities