vulnerability
MediaWiki: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2017-0372)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 13, 2018 | Oct 23, 2019 | May 9, 2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 13, 2018
Added
Oct 23, 2019
Modified
May 9, 2022
Description
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Solution
mediawiki-upgrade-latest
References
- CVE-2017-0372
- https://attackerkb.com/topics/CVE-2017-0372
- URL-https://bugs.debian.org/861585
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
- URL-https://phabricator.wikimedia.org/T158689
- URL-https://security-tracker.debian.org/tracker/CVE-2017-0372
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.