2 matches found
CVE-2017-0370
CVE-2017-0370 relates to MediaWiki and is caused by a failure of the spam blacklist to block encoded URLs in the file inclusion syntax’s link parameter. Affected software is MediaWiki versions prior to 1.28.1, 1.27.2, and 1.23.16. The impact is that encoded URLs can bypass the blacklist, potentia...
Fedora 25 : mediawiki (2017-3fb95ed01f)
- T109140 T122209 Special:UserLogin and Special:Search allow redirect to interwiki links. CVE-2017-0363, CVE-2017-0364
- T144845 XSS in SearchHighlighter::highlightText when $wgAdvancedSearchHighlighting is true. CVE-2017-0365
- T125177 API parameters may now be marked as 'sensitive' to keep their...