FreeBSD: mediawiki -- multiple vulnerabilities

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: May 20, 2016
Added: May 24, 2016
Modified: Feb 19, 2025

Description



Mediawiki reports:

Security fixes:
T122056: Old tokens are remaining valid within a new session
T127114: Login throttle can be tricked using non-canonicalized usernames
T123653: Cross-domain policy regexp is too narrow
T123071: Incorrectly identifying http link in a's href attributes, due to m modifier in regex
T129506: MediaWiki:Gadget-popups.js isn't renderable
T125283: Users occasionally logged in as different users after SessionManager deployment
T103239: Patrol allows click catching and patrolling of any page
T122807: [tracking] Check php crypto primitives
T98313: Graphs can leak tokens, leading to CSRF
T130947: Diff generation should use PoolCounter
T133507: Careless use of $wgExternalLinkTarget is insecure
T132874: API action=move is not rate limited

Solution(s)

freebsd-upgrade-package-mediawiki123
freebsd-upgrade-package-mediawiki124
freebsd-upgrade-package-mediawiki125
freebsd-upgrade-package-mediawiki126