3 matches found
MediaWiki Reflected Cross-Site Scripting (CVE-2017-8809)
A reflected cross-site scripting vulnerability exists in MediaWiki. The vulnerability is due to insufficient input validation on user input in the api.php component. A remote user can exploit this vulnerability by enticing a user to click on a malicious link...
CVE-2017-8809
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability...
CVE-2017-8809
MediaWiki is affected by CVE-2017-8809: a Reflected File Download vulnerability in api.php affecting versions prior to 1.27.4, 1.28.x prior to 1.28.3, and 1.29.x prior to 1.29.2. The issue arises from insufficient input validation in api.php, allowing a remote attacker to trigger a file download ...