VDB
GCVE-110-MAGEIA-2017-429
GCVE-110-MAGEIA-2017-429
Advisory Published
XSS when $wgShowExceptionDetails = false and browser sends non-standard
url escaping (CVE-2017-8808).
Reflected File Download from api.php (CVE-2017-8809).
On private wikis, login form shouldn't distinguish between login failure
due to bad username and bad password (CVE-2017-8810).
It's possible to mangle HTML via raw message parameter expansion
(CVE-2017-8811).
The id attribute on headlines allow raw > (CVE-2017-8812).
Language converter can be tricked into replacing text inside tags by
adding a lot of junk after the rule definition (CVE-2017-8814).
Language converter: unsafe attribute injection via glossary rules
(CVE-2017-8815).
composer.json has require-dev versions of PHPUnit with known security
issues (CVE-2017-9841).
Note that MediaWiki 1.23.x on Mageia 5 is no longer supported. Those
using the mediawiki package on Mageia 5 should upgrade to Mageia 6.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mediawiki | 1.27.4-1.mga6 (unaffected), 0 (affected) | — |
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.