CVE-2014-9481
MEDIUMMediaWiki < 1.19.23 - Exposure of Sensitive Information via Scribunto Extension
Title source: llmDescription
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2014/12/21/2
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2015/01/03/13
Vendor Advisory x_refsource_misc
https://phabricator.wikimedia.org/T73167
Patch, Vendor Advisory x_refsource_confirm
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Scores
CVSS v3
5.9
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mediawiki/mediawiki
< 1.19.23
Published
Jan 27, 2020
Tracked Since
Feb 18, 2026