CVE-2017-8812 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-490	mediawiki	1.29.1-1	1.29.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Nov 2017	ASA-201711-20	AVG-490	mediawiki	High	multiple issues

References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html https://phabricator.wikimedia.org/T125163 https://github.com/wikimedia/mediawiki/commit/31041e4557c2f4b96ef0a16e44bf6be5566a9ffb

References

https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T125163
https://github.com/wikimedia/mediawiki/commit/31041e4557c2f4b96ef0a16e44bf6be5566a9ffb