CVE-2023-45374

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

Related Vulnerabilities

CVE-2013-6365

MEDIUM
CVSS:5.3(Medium)

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CWE-3522013

CVE-2018-10099

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns...

CWE-3522018

CVE-2018-19334

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axi...

CWE-3522018

CVE-2018-19335

MEDIUM
CVSS:5.3(Medium)

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby ...

CWE-3522018

CVE-2019-1003017

MEDIUM
CVSS:5.3(Medium)

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentiall...

CWE-3522019

CVE-2019-19375

MEDIUM
CVSS:5.3(Medium)

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS version...

CWE-3522019