DEBIAN-CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
PT-2018-3640 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1. Description: The issue is related to the lack of an input validation mechanism in MediaWiki, which can be exploited by a remote attacker to impact data integrity. Specifically, when MediaWiki:Mainpage is set to...
CVE-2008-0271
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces...
SA-2008-003 - BUEditor - CSRF
BUEditor is a plain textarea editor aiming to facilitate code writing. It supports a completely customizable interface and button functionality via role-based editors. The Drupal Forms API protects against cross-site request forgeries (CSRF), where a malicious site can cause a user to unintentionally...