Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MediaWiki 图像链接输入验证漏洞
Vulnerability Description
MediaWiki是美国维基媒体(Wikimedia)基金会和MediaWiki志愿者共同开发维护的一套自由免费的基于网络的Wiki引擎,它可用于部署内部的知识管理和内容管理系统。 MediaWiki的图像链接存在输入验证漏洞。因未阻止wiki编辑者从wiki页面上的其它web站点引用图片链接,允许编辑者通过在攻击者控制的web站点上增加一个图像链接取得wiki用户的IP地址和其它信息,也叫“CSS确认问题”。
CVSS Information
N/A
Vulnerability Type
N/A