Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

Remediation

References

CVE-2016-6335

Related Vulnerabilities

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2006-4471)

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

MySQL CVE-2021-35596 Vulnerability (CVE-2021-35596)

WordPress Plugin Cherry Cross-Site Scripting (1.2.8.1)

WordPress Plugin Responsive Media Gallery for WordPress-Everest Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Severity

High

Classification

CVE-2016-6335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities