Description

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

Remediation

References

CVE-2017-8815

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2016-3164)

WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)

Oracle JRE CVE-2019-2894 Vulnerability (CVE-2019-2894)

SharePoint CVE-2024-32987 Vulnerability (CVE-2024-32987)

Liferay Portal Improper Certificate Validation Vulnerability (CVE-2022-42131)

Severity

High

Classification

CVE-2017-8815 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities