AVG-259 log
| Package | mediawiki |
| Status | Fixed |
| Severity | Medium |
| Type | cross-site scripting |
| Affected | 1.28.1-1 |
| Fixed | 1.28.2-1 |
| Current | 1.42.3-1 [extra] |
| Ticket | None |
| Created | Sun Apr 30 20:59:52 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-0372 | Medium | Yes | Cross-site scripting | The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments. |
| References |
|---|
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html |