CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS
Percentile: 72.2%

A MediaWiki security announcement reports:
MediaWiki was found to be vulnerable to login CSRF.
An attacker who controls a user account on the target
wiki can force the victim to log in as the attacker,
via a script on an external website.
If the wiki is configured to allow user scripts, say
with “$wgAllowUserJs = true” in LocalSettings.php, then
the attacker can proceed to mount a phishing-style
attack against the victim to obtain their password.
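
A common mitigation for the login CSRF described above is a single-use token bound to the anonymous pre-login session. The following is an added, generic model of that check, not MediaWiki's own code; `LoginService`, the account names and the session layout are assumptions made up for this example.

```python
import hmac
import secrets

class LoginService:
    """Toy login endpoint; accounts and session layout are constructed for this example."""

    def __init__(self, accounts):
        self.accounts = accounts   # username -> password (a real system stores password hashes)
        self.sessions = {}         # session id -> {"user": ..., "login_token": ...}

    def show_login_form(self, sid=None):
        """GET: ensure an anonymous session exists and issue a fresh token bound to it."""
        if sid not in self.sessions:
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = {"user": None}
        token = secrets.token_urlsafe(32)
        self.sessions[sid]["login_token"] = token
        return sid, token

    def submit_login(self, sid, username, password, token):
        """POST: returns (True, new_sid) or (False, reason)."""
        session = self.sessions.get(sid)
        expected = session.pop("login_token", None) if session else None  # single use
        # Token is checked before credentials: valid attacker credentials alone must
        # not be enough to switch the account behind the victim's session cookie.
        if not expected or not token or not hmac.compare_digest(expected, token):
            return False, "bad-login-token"
        stored = self.accounts.get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            return False, "bad-credentials"
        new_sid = secrets.token_urlsafe(16)   # rotate the session id on login
        del self.sessions[sid]
        self.sessions[new_sid] = {"user": username}
        return True, new_sid

def demo():
    svc = LoginService({"alice": "alice-pw", "mallory": "mallory-pw"})
    victim_sid, _ = svc.show_login_form()      # victim's browser holds this cookie
    _, mallory_token = svc.show_login_form()   # token issued to a different session
    # Cross-site POST: victim's cookie is attached, but the only token the external
    # page can supply belongs to another session.
    forged = svc.submit_login(victim_sid, "mallory", "mallory-pw", mallory_token)
    _, fresh = svc.show_login_form(victim_sid)  # victim loads the real form
    legit = svc.submit_login(victim_sid, "alice", "alice-pw", fresh)
    return svc, forged, legit
```

The forged submission fails on the token even though the credentials are valid, so the victim's session is never switched to the other account; the victim's own login with the token from the real form succeeds.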