Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mediawiki mediawiki 1.28.0 vulnerabilities and exploits

(subscribe to this query)
445
VMScore
CVE-2017-8815
The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows attribute injection attacks via glossary rules.
Mediawiki Mediawiki 1.29.0Mediawiki MediawikiMediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.1Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
445
VMScore
CVE-2017-8810
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote malicious users to enumerate account names a...
Mediawiki Mediawiki 1.28.1Mediawiki MediawikiMediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
445
VMScore
CVE-2017-8812
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows remote malicious users to inject > (greater than) characters via the id attribute of a headline.
Mediawiki Mediawiki 1.28.1Mediawiki MediawikiMediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
445
VMScore
CVE-2017-8814
The language converter in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows malicious users to replace text inside tags via a rule definition followed by "a lot of junk."
Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.1Mediawiki Mediawiki 1.28.2Mediawiki Mediawiki 1.29.0Mediawiki MediawikiDebian Debian Linux 9.0
383
VMScore
CVE-2017-8808
MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
Mediawiki MediawikiMediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.1Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
383
VMScore
CVE-2017-8811
The implementation of raw message parameter expansion in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 allows HTML mangling attacks.
Mediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.1Mediawiki MediawikiMediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
668
VMScore
CVE-2017-8809
api.php in MediaWiki prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2 has a Reflected File Download vulnerability.
Mediawiki Mediawiki 1.29.0Mediawiki Mediawiki 1.29.1Mediawiki Mediawiki 1.28.0Mediawiki Mediawiki 1.28.1Mediawiki MediawikiMediawiki Mediawiki 1.28.2Debian Debian Linux 9.0
790
VMScore
CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki prior to 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Mediawiki Mediawiki 1.27.1Mediawiki Mediawiki 1.28.0Mediawiki MediawikiMediawiki Mediawiki 1.27.2Mediawiki Mediawiki 1.27.0Mediawiki Mediawiki 1.28.1Debian Debian Linux 9.0Debian Debian Linux 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook