AVG-259 log

Package mediawiki
Status Fixed
Severity Medium
Type cross-site scripting
Affected 1.28.1-1
Fixed 1.28.2-1
Current 1.41.1-1 [extra]
Ticket None
Created Sun Apr 30 20:59:52 2017
Issue Severity Remote Type Description
CVE-2017-0372 Medium Yes Cross-site scripting
The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments.