VDB

GCVE-110-MAGEIA-2017-429

GCVE-110-MAGEIA-2017-429
Advisory Published
Vulnetix · Advisory published November 29, 2017
XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password (CVE-2017-8810). It's possible to mangle HTML via raw message parameter expansion (CVE-2017-8811). The id attribute on headlines allow raw > (CVE-2017-8812). Language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition (CVE-2017-8814). Language converter: unsafe attribute injection via glossary rules (CVE-2017-8815). composer.json has require-dev versions of PHPUnit with known security issues (CVE-2017-9841). Note that MediaWiki 1.23.x on Mageia 5 is no longer supported. Those using the mediawiki package on Mageia 5 should upgrade to Mageia 6.

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki1.27.4-1.mga6 (unaffected), 0 (affected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›