Description
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-21968 Vulnerability (CVE-2022-21968)
WordPress Plugin Chatbot with IBM Watson Cross-Site Scripting (0.8.20)
Atlassian Confluence Asymmetric Resource Consumption (Amplification) Vulnerability (CVE-2025-22166)
Oracle Database Server Improper Input Validation Vulnerability (CVE-2020-1953)