Description
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2079)
WordPress Plugin Contact Form 7 Datepicker Cross-Site Scripting (2.6.0)
WordPress Plugin Link Optimizer Lite Cross-Site Request Forgery (1.4.5)
WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)