CVE Vulnerabilities

CVE-2017-8812

Published: Nov 15, 2017 | Modified: Apr 20, 2025
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Affected Software

Name Vendor Start Version End Version
Mediawiki Mediawiki * 1.27.3 (including)
Mediawiki Mediawiki 1.28.0 (including) 1.28.0 (including)
Mediawiki Mediawiki 1.28.1 (including) 1.28.1 (including)
Mediawiki Mediawiki 1.28.2 (including) 1.28.2 (including)
Mediawiki Mediawiki 1.29.0 (including) 1.29.0 (including)
Mediawiki Mediawiki 1.29.1 (including) 1.29.1 (including)
Mediawiki Ubuntu artful *
Mediawiki Ubuntu trusty *
Mediawiki Ubuntu upstream *
Mediawiki Ubuntu zesty *

References