Description
The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
Remediation
References
Related Vulnerabilities
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)
WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7)
WordPress Plugin PopCash.Net Code Integration Tool Cross-Site Scripting (1.0)
WordPress Plugin Font Uploader 'font-upload.php' Arbitrary File Upload (1.2.4)