VDB
GCVE-110-MAGEIA-2017-110
GCVE-110-MAGEIA-2017-110
Advisory Published
API parameters may now be marked as "sensitive" to keep their values out
of the logs (CVE-2017-0361).
"Mark all pages visited" on the watchlist now requires a CSRF token
(CVE-2017-0362).
Special:UserLogin and Special:Search allow redirect to interwiki links
(CVE-2017-0363, CVE-2017-0364).
XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true (CVE-2017-0365).
SVG filter evasion using default attribute values in DTD declaration
(CVE-2017-0366).
Escape content model/format url parameter in message (CVE-2017-0368).
Sysops can undelete pages, although the page is protected against it
(CVE-2017-0369).
Spam blacklist ineffective on encoded URLs inside file inclusion syntax's
link parameter (CVE-2017-0370).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | postgrey | 0 (affected), 1.37-1.1.mga6 (unaffected) | — |
| Mageia | mediawiki | 0 (affected), 1.23.16-1.mga5 (unaffected), 0 (affected), 1.23.16-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.