CNNVD-202512-2028 Information

CNNVD ID

CNNVD-202512-2028

Related CVE

CVE-2025-67646

• CNNVD Published: 2025-12-11

Description (Chinese)

TableProgressTracking是Telepedia开源的一个MediaWiki扩展。 TableProgressTracking 1.2.0及之前版本存在跨站请求伪造漏洞，该漏洞源于REST API中缺少CSRF令牌验证，可能导致跨站请求伪造攻击。

Description (English)

TableProgressTracking is a MediaWiki extension of Telepedia’s open source. There is a breach of cross-site requests for forgery in TableProgressTracking 1.2.0 and earlier versions, which stems from the lack of CSRF token verification in RRT API, which may lead to cross-site requests for false attacks.

Hazard Level

Critical

Vulnerability Type

跨站请求伪造

Affected Vendor

Telepedia

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/Telepedia/TableProgressTracking/commit/e2aa8c4b3bb78989c6fe39070a95a26d22b91c94 https://github.com/Telepedia/TableProgressTracking/security/advisories/GHSA-j24f-hw6w-cq78

Patch

https://github.com/Telepedia/TableProgressTracking