Description
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
Remediation
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (0.8)
Contao Improper Input Validation Vulnerability (CVE-2020-25768)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)
WordPress Plugin Follow Me Cross-Site Request Forgery (3.1.1)