4 matches found
BIT-MEDIAWIKI-2020-35626
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php...
MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2020-73499)
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki version 1.35.1...
CVE-2020-35626
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php...
MediaWiki 跨站请求伪造漏洞
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site request forgery vulnerability exists in MediaWiki version 1.35.1...