5 matches found
CVE-2025-67646
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
TableProgressTracking 跨站请求伪造漏洞
TableProgressTracking is an open source MediaWiki extension from Telepedia. A cross-site request forgery vulnerability exists in TableProgressTracking 1.2.0 and earlier versions, which stems from a lack of CSRF token validation in the REST API, and could lead to a cross-site request forgery attac...
CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...
PT-2025-50559
TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...