Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-53483

Опубликовано: 04 июл. 2025
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.

This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Ссылки

EPSS

Процентиль: 4%
0.00018
Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

github логотип

GHSA-ggcw-hfmh-53q3

CVSS3: 8.8
github
7 месяцев назад

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS

Процентиль: 4%
0.00018
Низкий

8.8 High

CVSS3

Дефекты

CWE-352