| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-8812 | 5.0 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
03-10-2019 - 00:03 | 15-11-2017 - 08:29 | |
| CVE-2017-8811 | 4.3 |
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
28-11-2017 - 17:11 | 15-11-2017 - 08:29 | |
| CVE-2017-8810 | 5.0 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumera
|
28-11-2017 - 16:58 | 15-11-2017 - 08:29 | |
| CVE-2017-8809 | 7.5 |
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
28-11-2017 - 16:56 | 15-11-2017 - 08:29 | |
| CVE-2017-8808 | 4.3 |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
|
28-11-2017 - 16:29 | 15-11-2017 - 08:29 | |
| CVE-2017-8814 | 5.0 |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
28-11-2017 - 16:24 | 15-11-2017 - 08:29 | |
| CVE-2017-8815 | 5.0 |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
28-11-2017 - 16:23 | 15-11-2017 - 08:29 |