Description

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

Remediation

References

CVE-2013-6455

Related Vulnerabilities

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)

WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)

WordPress Plugin 123ContactForm for WordPress Multiple Vulnerabilities (1.5.6)

WordPress Plugin Wallable-Social Networking Arbitrary File Upload (1.1)

Severity

Medium

Classification

CVE-2013-6455 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities