CVE-2017-0370 |
Medium |
Yes |
Insufficient validation |
The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter. |
CVE-2017-0369 |
Low |
Yes |
Access restriction bypass |
In MediaWiki < 1.28.1, a normal sysop that doesn't have the necessary rights to override a page protection can still recreate it by restoring a former... |
CVE-2017-0368 |
Low |
Yes |
Cross-site scripting |
MediaWiki < 1.28.1 did not properly mark system messages as raw HTML, hence not properly escaping it. |
CVE-2017-0367 |
High |
No |
Arbitrary code execution |
MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code... |
CVE-2017-0366 |
High |
Yes |
Cross-site scripting |
MediaWiki < 1.28.1 did not properly filter the DTD declaration when a SVG file was uploaded, leading to a persistent XSS. |
CVE-2017-0365 |
Medium |
Yes |
Cross-site scripting |
SearchHighlighter::removeWiki() uses a regex to remove html from snippets. The regex - /<\/?[^>]+>/ assumes that html is well-formed. As a result when using... |
CVE-2017-0364 |
Medium |
Yes |
Open redirect |
The Special:Search page in MediaWiki < 1.28.1 has an open redirect issue. |
CVE-2017-0363 |
Medium |
Yes |
Open redirect |
The Special:UserLogin page in MediaWiki < 1.28.1 has an open redirect issue. |
CVE-2017-0362 |
Medium |
Yes |
Cross-site request forgery |
MediaWiki before 1.18.1 did not require a CSRF token for the "Mark all pages visited" action on the watchlist. |
CVE-2017-0361 |
High |
No |
Information disclosure |
MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters may now be marked as "sensitive" to keep their values out of the logs. |