Description
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.

| Release | Status | Note |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 1:1.15.1-1ubuntu2 |
| hardy | released | 1:1.11.2-2ubuntu0.5 |
| intrepid | released | 1:1.12.0-2ubuntu0.5 |
| jaunty | released | 1:1.13.3-1ubuntu2.2 |
| karmic | released | 1:1.15.0-1.1ubuntu0.2 |
| upstream | released | 1.15.3 |

CVSS2: 6 Medium