3 matches found
Updated mediawiki packages fix CVE-2014-2665
Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...
MediaWiki < 1.19.14 / 1.21.8 / 1.22.5 ChangePassword XSRF
According to its version number, the instance of MediaWiki running on the remote host is affected by a cross-site request forgery vulnerability. A flaw exists with Special:ChangePassword within the includes/specials/SpecialChangePassword.php script where HTTP requests do not require explicit...
Fedora 19 : mediawiki-1.20.5-1.fc19 (2013-7654)
Changes since 1.20.4 - bug 46590 Add hook AbortChangePassword to Special:ChangePassword - bug 47304 SECURITY: Check SVG xml encoding against whitelist - Localisation updates from http://translatewiki.net. - mwdocgen.php: Implement --version option. - Remove svnstat stuff used in Doxygen generatio...