Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11145)
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4733)
MySQL CVE-2016-0605 Vulnerability (CVE-2016-0605)
TYPO3 CVE-2013-7080 Vulnerability (CVE-2013-7080)
WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)