CVE-2017-8814 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Cross-site scripting
Description	The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-490	mediawiki	1.29.1-1	1.29.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Nov 2017	ASA-201711-20	AVG-490	mediawiki	High	multiple issues

References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html https://phabricator.wikimedia.org/T124404 https://github.com/wikimedia/mediawiki/commit/fbe78cfa094645b907d0fd2885c5797321f794eb

References

https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T124404
https://github.com/wikimedia/mediawiki/commit/fbe78cfa094645b907d0fd2885c5797321f794eb