Description
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
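The missing check described above, shown as an added example in a simplified Python model; it is not the Translate extension's code. The store layout, function names and error strings are assumptions made for illustration, and the sample data is constructed.

```python
# Simplified model of the flaw; all names here are hypothetical, not MediaWiki's.

class ApiError(Exception):
    """Raised when a request is rejected."""

def sample_store():
    # Constructed sample data: group id -> its type and stored metadata.
    return {
        "agg-docs": {"type": "aggregate", "meta": {"name": "Docs", "subgroups": ["page-A"]}},
        "page-A": {"type": "page", "meta": {"priority": "high"}},
    }

def remove_unvalidated(store, rights, group_id):
    """Flawed handler: the right is checked, the target group is not."""
    if "translate-manage" not in rights:
        raise ApiError("permissiondenied")
    # Any id is accepted, so a non-aggregate group's metadata is wiped too.
    if group_id in store:
        store[group_id]["meta"] = {}
    return "ok"

def remove_validated(store, rights, group_id, audit_log):
    """Hardened handler: the id must name an existing aggregate group."""
    if "translate-manage" not in rights:
        raise ApiError("permissiondenied")
    group = store.get(group_id)
    if group is None or group["type"] != "aggregate":
        raise ApiError("invalidaggregategroup")
    group["meta"] = {}
    audit_log.append(("remove", group_id))  # the deletion is no longer silent
    return "ok"

def demo():
    rights = {"translate-manage"}
    flawed, fixed, log = sample_store(), sample_store(), []
    remove_unvalidated(flawed, rights, "page-A")
    try:
        remove_validated(fixed, rights, "page-A", log)
        rejected = False
    except ApiError:
        rejected = True
    remove_validated(fixed, rights, "agg-docs", log)
    return flawed["page-A"]["meta"], fixed["page-A"]["meta"], rejected, log

if __name__ == "__main__":
    print(demo())
```

In the model, the flawed handler empties the metadata of a non-aggregate group, while the validated handler rejects that request and records the one legitimate removal.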
Remediation
References
Related Vulnerabilities
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1)
Drupal Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-13670)
ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)
WordPress Plugin Teamleader CRM Forms Cross-Site Scripting (2.0.0)