CVE-2014-3455
MediaWiki SemanticForms CSRF in CreateProperty, CreateTemplate, CreateForm, and CreateClass
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=57025
Scores
EPSS
0.0011
EPSS Percentile
28.5%
Details
CWE
CWE-352
Status
published
Products (16)
mediawiki/mediawiki
1.22.0
mediawiki/mediawiki
1.19 (3 CPE variants)
mediawiki/mediawiki
1.19.0
mediawiki/mediawiki
1.19.1
mediawiki/mediawiki
1.19.2
mediawiki/mediawiki
1.19.3
mediawiki/mediawiki
1.19.4
mediawiki/mediawiki
1.19.5
mediawiki/mediawiki
1.19.6
mediawiki/mediawiki
1.19.7
... and 6 more
Published
May 12, 2014
Tracked Since
Feb 18, 2026