Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
445
VMScore

CVE-2017-0371

Published: 18/02/2022 Updated: 28/02/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Mediawiki

Vulnerability Summary

MediaWiki prior to 1.23.16, 1.24.x up to and including 1.27.x prior to 1.27.2, and 1.28.x prior to 1.28.1 allows remote malicious users to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mediawiki mediawiki

Vendor Advisories

Red Hat:
MediaWiki before 12316, 124x through 127x before 1272, and 128x before 1281 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute ...

References

NVD-CWE-noinfohttps://phabricator.wikimedia.org/T68404https://phabricator.wikimedia.org/T140591https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-0371
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook