Description
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Images Slideshow by 2J-Image Slider Unspecified Vulnerability (1.2.15)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1171)
MySQL CVE-2017-3461 Vulnerability (CVE-2017-3461)
WordPress Plugin Portrait-Archiv.com Photostore Cross-Site Scripting (3.1)