Description

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

Remediation

References

CVE-2015-6727

Related Vulnerabilities

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)

OpenSSL Other Vulnerability (CVE-2003-0851)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-8159)

WordPress Plugin Indieweb Post Kinds Cross-Site Scripting (1.3.1)

Severity

Medium

Classification

CVE-2015-6727 CWE-200

Tags

Missing Update Known Vulnerabilities