Vulnerabilities > CVE-2017-8812
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_298829E2CCCE11E792E4000C29649F92.NASL description mediawiki reports : security fixes : T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn last seen 2020-06-01 modified 2020-06-02 plugin id 104693 published 2017-11-20 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104693 title FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4036.NASL description Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work : - CVE-2017-8808 Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled. - CVE-2017-8809 Reflected file download in API. - CVE-2017-8810 On private wikis the login form didn last seen 2020-06-01 modified 2020-06-02 plugin id 104588 published 2017-11-16 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104588 title Debian DSA-4036-1 : mediawiki - security update