Description
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Remediation
References
Related Vulnerabilities
Plone CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7293)
WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)
Drupal Core 7.x Multiple Vulnerabilities (7.0)
WordPress Plugin UK Cookie Cross-Site Request Forgery (1.1)
WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)