CVE-2014-3454

MediaWiki < 1.19.10, 1.2x < 1.21.4, 1.22.x < 1.22.1 - Cross-Site Request Forgery in Special:CreateCategory


Description

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.

References (2)

Core References
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=57025

Scores

EPSS 0.0016
EPSS Percentile 36.0%

Details

CWE CWE-352
Status published
Products (16)
mediawiki/mediawiki 1.22.0
mediawiki/mediawiki 1.21
mediawiki/mediawiki 1.21.1
mediawiki/mediawiki 1.21.2
mediawiki/mediawiki 1.21.3
mediawiki/mediawiki 1.19 (3 CPE variants)
mediawiki/mediawiki 1.19.0
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.19.3
... and 6 more
Published May 12, 2014
Tracked Since Feb 18, 2026