WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-0372)

Description

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2011-2232 Vulnerability (CVE-2011-2232)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)

Joomla Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2007-4190)

WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5)

Severity

Critical

Classification

CVE-2017-0372 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities