The resource loader in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote malicious users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.17 |
||
mediawiki mediawiki 1.17.0 |
||
mediawiki mediawiki 1.17.2 |
||
mediawiki mediawiki 1.17.1 |
||
mediawiki mediawiki 1.18 |
||
mediawiki mediawiki 1.18.0 |
||
mediawiki mediawiki 1.18.1 |