mediawiki stores cache files in /tmp
directory and is vulnerable to cache poisoning attacks. A user on the same system will be able to insert an evil cache file and perform xss attacks to steal user credentials and information.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki/core | le | 1.28.0 | |
mediawiki/core | le | 1.27.1 |