AVG-259 log

Package mediawiki
Status Fixed
Severity Medium
Type cross-site scripting
Affected 1.28.1-1
Fixed 1.28.2-1
Current 1.38.4-1 [community]
Ticket None
Created Sun Apr 30 20:59:52 2017
Issue Severity Remote Type Description
CVE-2017-0372 Medium Yes Cross-site scripting
The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments.
References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html