In the OAuth2 Client extension prior to 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schine.games mw-oauth2client |