6.8
CVSSv2

CVE-2010-1648

Published: 08/06/2010 Updated: 30/07/2010
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

mediawiki mediawiki 1.15.0

mediawiki mediawiki 1.15.1

mediawiki mediawiki 1.15.2

mediawiki mediawiki 1.15.3

mediawiki mediawiki 1.16.0

Vendor Advisories

Debian Bug report logs - #585918 mediawiki: XSS vulnerabilities, CVEs Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <debian@jwiltshireorguk> Date: Mon, 14 Jun 2010 21:09:02 UTC Severity: ...
Debian Bug report logs - #590669 mediawiki: XSS vulnerability in profileinfophp Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <jmw@debianorg> Date: Wed, 28 Jul 2010 11:03:02 UTC Severity: ...