4 matches found
CVE-2017-0365
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText with non-default configurations...
CVE-2017-0365
CVE-2017-0365 is a XSS vulnerability in MediaWiki’s SearchHighlighter::highlightText() that affects MediaWiki versions prior to 1.28.1, 1.27.2, and 1.23.16 when non-default configurations are used. The issue is purely described as a cross‑site scripting flaw; no exploitation details or in‑the‑wil...
CVE-2017-0365
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText with non-default configurations...
Fedora 25 : mediawiki (2017-3fb95ed01f)
T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364 - T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365 - T125177 API parameters may now be marked as 'sensitive' to keep their...