vulnerability
MediaWiki: CVE-2014-9481: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jan 27, 2020 | Feb 7, 2020 | May 6, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jan 27, 2020
Added
Feb 7, 2020
Modified
May 6, 2026
Description
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
Solution
mediawiki-upgrade-latest
References
- CVE-2014-9481
- https://attackerkb.com/topics/CVE-2014-9481
- http://www.openwall.com/lists/oss-security/2014/12/21/2
- http://www.openwall.com/lists/oss-security/2015/01/03/13
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
- https://phabricator.wikimedia.org/T73167
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2014-9300
- CWE-200
- EUVD-EUVD-2014-9300
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.