Description

The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

Remediation

References

CVE-2014-9481

Related Vulnerabilities

WordPress Plugin Theme Editor Multiple Vulnerabilities (2.1)

SharePoint CVE-2021-38651 Vulnerability (CVE-2021-38651)

MySQL CVE-2020-14773 Vulnerability (CVE-2020-14773)

WordPress Plugin Wordpress Countdown Widget Cross-Site Scripting (3.1.9.2)

WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)

Severity

Medium

Classification

CVE-2014-9481 CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities