CNNVD-202507-502 Information
CNNVD ID
CNNVD-202507-502
Related CVE
- CNNVD Published: 2025-07-04
Description (Chinese)
Wikimedia Mediawiki - SecurePoll extension是Wikimedia基金会的一个用于选举、投票和调查的特殊页面扩展。 Wikimedia Mediawiki - SecurePoll extension 1.39.13之前版本、1.42.7之前版本和1.43.2之前版本存在跨站请求伪造漏洞,该漏洞源于未验证请求方法或CSRF令牌,可能导致触发敏感操作。
Description (English)
Wikimedia Mediawiki - SecurePoll extension is a special page extension of the Wikimedia Foundation for elections, voting and investigations. Wikimedia Mediawiki - Pre-SecurePoll extension 1.39.13, pre-I.42.7 and pre-I.4.3.2 have a cross-site request forgery loophole, which originates from unverified request methods or CSRF tokens and may trigger sensitive operations.
Hazard Level
Medium
Vulnerability Type
跨站请求伪造
Affected Vendor
维基媒体
Published
2025-07-04
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-53483 https://access.redhat.com/security/cve/cve-2025-53483
Patch
https://www.mediawiki.org/wiki/Special:ExtensionDistributor/SecurePoll
Share on: