Description

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

Remediation

References

CVE-2013-6455

Related Vulnerabilities

Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-14884)

WordPress Plugin myGallery Remote File Include (1.4b4)

Liferay DXP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2024-25606)

WordPress Plugin MasterStudy LMS-for Online Courses and Education SQL Injection (3.2.5)

Severity

Medium

Classification

CVE-2013-6455 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities