Description
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2005-3452)
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32777)
Oracle Application Server Other Vulnerability (CVE-2002-1632)
WordPress Plugin WordPress Comment Rating Cross-Site Scripting (1.5.3)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)