CVE-2017-0371 — Vulnetix

CVE-2017-0371 REJECTED

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

EPSS 0.21% · 43.8th percentile

Risk Scores

EPSS Score

0.21%

43.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	mediawiki	0, 1:1.27.3-1, 1:1.27.4-1

Exploit Intelligence

https://phabricator.wikimedia.org/T68404 (nist-nvd)
https://phabricator.wikimedia.org/T140591 (circl)

Timeline

Feb 18, 2022 CVE Published
Feb 19, 2022 EPSS Score
Apr 12, 2022 EPSS Score
Jun 3, 2022 EPSS Score
Jul 26, 2022 EPSS Score
Sep 16, 2022 EPSS Score
Dec 30, 2022 EPSS Score
Feb 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 13, 2023 EPSS Score
Jun 4, 2023 EPSS Score
Jul 26, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-0371 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-0371 third-party-advisory

Open in Interactive Console →