Description Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. Remediation References CVE-2017-0368 Related Vulnerabilities ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893) WordPress Plugin Web Tripwire Arbitrary File Upload (0.1.1) WordPress Plugin RSVPMaker SQL Injection (5.6.3) WordPress Plugin Schema App Structured Data Unspecified Vulnerability (0.5.4) CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17960) Severity Medium Classification CVE-2017-0368 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities