Xavier Combelle

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.23.12 MediaWiki versions 1.24.x prior to 1.24.5 MediaWiki versions 1.25.x prior to 1.25.4 MediaWiki versions 1.26.x prior to 1.26.1 **Description** The issue allows remote attackers to obtain sensitive user login information via crafted links combined with page view statistics on certain special pages, including Special:MyPage, Special:MyTalk, Special:MyContributions, Special:MyUploads, and Special:AllMyUploads. **Recommendations** For MediaWiki versions prior to 1.23.12, update to version 1.23.12 or later. For MediaWiki versions 1.24.x prior to 1.24.5, update to version 1.24.5 or later. For MediaWiki versions 1.25.x prior to 1.25.4, update to version 1.25.4 or later. For MediaWiki versions 1.26.x prior to 1.26.1, update to version 1.26.1 or later.