CVE-2010-1648

Published: 08/06/2010 Updated: 30/07/2010
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

Vulnerable Product

mediawiki mediawiki 1.16.0

mediawiki mediawiki 1.15.3

mediawiki mediawiki 1.15.0

mediawiki mediawiki 1.15.1

mediawiki mediawiki 1.15.2

Vendor Advisories

Debian Bug report logs - #590669 mediawiki: XSS vulnerability in profileinfo.php Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <jmw@debian.org> Date: Wed, 28 Jul 2010 11:03:02 UTC Severity: ...

Debian Bug report logs - #585918 mediawiki: XSS vulnerabilities, CVEs Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <debian@jwiltshire.org.uk> Date: Mon, 14 Jun 2010 21:09:02 UTC Severity: ...