CVE-2017-0362

Summary

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

Affected Software

VendorProductVersion RangeStatus
mediawikimediawikin/aaffected

Weaknesses

  • missing requirement on token

ADP Enrichment

CVE Program Container

Additional References

References