VDB

GCVE-110-MAGEIA-2017-110

GCVE-110-MAGEIA-2017-110
Advisory Published
Vulnetix · Advisory published April 16, 2017
API parameters may now be marked as "sensitive" to keep their values out of the logs (CVE-2017-0361). "Mark all pages visited" on the watchlist now requires a CSRF token (CVE-2017-0362). Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364). XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365). SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366). Escape content model/format url parameter in message (CVE-2017-0368). Sysops can undelete pages, although the page is protected against it (CVE-2017-0369). Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter (CVE-2017-0370).

Affected Products

VendorProductVersionsPlatforms
Mageiapostgrey0 (affected), 1.37-1.1.mga6 (unaffected)
Mageiamediawiki0 (affected), 1.23.16-1.mga5 (unaffected), 0 (affected), 1.23.16-1.mga5 (unaffected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›