CVE-2022-29905

CVE-2022-29905

EPSS 0.4%

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/FanBoxes/+/786327 https://phabricator.wikimedia.org/T306741