4 matches found
CVE-2025-67646
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
CVE-2025-67646
CVE-2025-67646 affects the MediaWiki extension TableProgressTracking. Versions 1.2.0 and earlier do not enforce CSRF token validation in the REST API, allowing an attacker to craft a malicious page that, when loaded by an authenticated wiki user, can perform unintended authenticated actions (e.g....
EUVD-2025-202641
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...