Note:
This project will be discontinued after December 13, 2021.
Product: Mediawiki (Mediawiki)
Repositories:
• https://github.com/wikimedia/mediawiki
• https://github.com/wikimedia/mediawiki-core
#Vulnerabilities: 363
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-11-15 | CVE-2017-8812 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | Debian_linux, Mediawiki | 5.3 | ||
2017-11-15 | CVE-2017-8811 | The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | Debian_linux, Mediawiki | 6.1 | ||
2017-11-15 | CVE-2017-8810 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | Debian_linux, Mediawiki | 7.5 | ||
2017-11-15 | CVE-2017-8809 | api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | Debian_linux, Mediawiki | 9.8 | ||
2017-11-15 | CVE-2017-8808 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | Debian_linux, Mediawiki | 6.1 | ||
2018-04-13 | CVE-2017-0372 | Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | Debian_linux, Mediawiki | 9.8 | ||
2018-04-13 | CVE-2017-0370 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | Debian_linux, Mediawiki | 5.3 | ||
2018-04-13 | CVE-2017-0368 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | Debian_linux, Mediawiki | 5.3 | ||
2018-04-13 | CVE-2017-0366 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration. | Debian_linux, Mediawiki | 5.4 | ||
2018-04-13 | CVE-2017-0365 | Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | Debian_linux, Mediawiki | 4.7 | ||