Description

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Remediation

References

CVE-2017-8812

Related Vulnerabilities

WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1)

Oracle JRE CVE-2014-2413 Vulnerability (CVE-2014-2413)

MySQL CVE-2021-2060 Vulnerability (CVE-2021-2060)

Java Unspesificed Vulnerability (CVE-2020-14798)

WordPress Plugin Images to WebP Multiple Vulnerabilities (1.8)

Severity

Medium

Classification

CVE-2017-8812 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities