CVE-2017-8815 log

Source
Severity High
Remote Yes
Type Cross-site scripting
Description
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
Group Package Affected Fixed Severity Status Ticket
AVG-490 mediawiki 1.29.1-1 1.29.2-1 High Fixed
Date Advisory Group Package Severity Description
15 Nov 2017 ASA-201711-20 AVG-490 mediawiki High multiple issues
References
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T119158
https://github.com/wikimedia/mediawiki/commit/f21f3942eb10d7e688eb25261ac3a9478268cbd3