CVE-2017-0364
- EPSS 1.12%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
CVE-2017-0365
- EPSS 1.19%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
CVE-2017-0366
- EPSS 1.34%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
CVE-2017-0367
- EPSS 1.86%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2017-0368
- EPSS 1.53%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2017-0369
- EPSS 1.21%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:50
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2017-0370
- EPSS 1.43%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:51
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
CVE-2017-0372
- EPSS 11.65%
- Veröffentlicht 13.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:51
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVE-2016-9646
- EPSS 1.18%
- Veröffentlicht 13.04.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:01:34
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
CVE-2017-0356
- EPSS 3.46%
- Veröffentlicht 13.04.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:02:49
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.