CVE-2017-0365
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
Source: CVE-2017-0365
[월:] 2018년 04월
CVE-2017-0366
CVE-2017-0366
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
Source: CVE-2017-0366
CVE-2017-0359
CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
Source: CVE-2017-0359
CVE-2017-0368
CVE-2017-0368
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
Source: CVE-2017-0368
CVE-2017-0367
CVE-2017-0367
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Source: CVE-2017-0367
CVE-2017-0370
CVE-2017-0370
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax’s link parameter.
Source: CVE-2017-0370
CVE-2017-0369
CVE-2017-0369
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
Source: CVE-2017-0369
CVE-2017-0372
CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Source: CVE-2017-0372
CVE-2017-0364
CVE-2017-0364
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
Source: CVE-2017-0364
CVE-2017-0361
CVE-2017-0361
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
Source: CVE-2017-0361