Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.

Remediation

References

CVE-2014-3455

Related Vulnerabilities

Oracle JRE CVE-2013-5848 Vulnerability (CVE-2013-5848)

Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999047)

Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16780)

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)

Severity

Medium

Classification

CVE-2014-3455 CWE-352

Tags

Missing Update Known Vulnerabilities