The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
report project report |
||
oracle communications cloud native core network slice selection function 1.2.1 |
||
oracle communications pricing design center 12.0.0.4.0 |
||
oracle communications pricing design center 12.0.0.5.0 |