Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Remediation

References

CVE-2021-31547

Related Vulnerabilities

WordPress Plugin Elementor Addon Elements Multiple Cross-Site Scripting Vulnerabilities (1.11.1)

WordPress 3.7.x PHP Object Injection (3.7 - 3.7.35)

WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)

WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)

WebLogic CVE-2019-2452 Vulnerability (CVE-2019-2452)

Severity

Medium

Classification

CVE-2021-31547 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities