ALT-PU-2014-1960-2

Обновление пакета mediawiki в ветке sisyphus

Версия1.23.1-alt1

Задание#126034

Опубликовано2026-02-04

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (4)

MEDIUM4.0

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

Опубликовано: 2014-04-20Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

Ссылки

MEDIUM4.3

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

Опубликовано: 2014-04-29Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

Ссылки

LOW2.6

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

Опубликовано: 2014-06-06Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

Ссылки

GHSA-6h86-9r5g-f2h5

NONE

Cross-site scripting vulnerability in includes/actions/InfoAction.php

Опубликовано: 2022-05-17Изменено: 2024-11-02

Ссылки