Justin Bull

1 exploit Active since Aug 2019
CVE-2019-15150 WRITEUP HIGH WRITEUP
mw-oauth2client < 0.4 - Cross-Site Request Forgery via OAuth2 State Parameter
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
CVSS 8.8