Description

Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module.

Remediation

References

CVE-2012-1578

Related Vulnerabilities

Grafana CVE-2022-39307 Vulnerability (CVE-2022-39307)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12139)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3440)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-1945)

Severity

Medium

Classification

CVE-2012-1578 CWE-352

Tags

Missing Update Known Vulnerabilities