CVE-2017-8812

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, mediawiki, debian, nessus

Summary

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Vulnerable Configurations

Part         Description  Count
Application  Mediawiki    321
OS           Debian       1

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_298829E2CCCE11E792E4000C29649F92.NASL
    description: mediawiki reports : security fixes : T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104693
    published: 2017-11-20
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104693
    title: FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4036.NASL
    description: Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work : - CVE-2017-8808 Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled. - CVE-2017-8809 Reflected file download in API. - CVE-2017-8810 On private wikis the login form didn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104588
    published: 2017-11-16
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104588
    title: Debian DSA-4036-1 : mediawiki - security update