CVE-2017-0368Improper Input Validation in Mediawiki

CWE-20Improper Input ValidationCWE-138Improper Neutralization of Special Elements7 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 53.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiDebian MediawikiDebian Linux
Timeline
PublishedApr 13
Latest updateMay 14

Description

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

debiandebian/mediawiki< mediawiki 1:1.27.2-1 (bookworm)
NVDmediawiki/mediawiki1.27.01.27.2+2
Debianmediawiki/mediawiki< 1:1.27.2-1+3
CVEListV5mediawiki/mediawikin/a

Also affects: Debian Linux 7.0

🔴Vulnerability Details

2
GHSA
GHSA-rgj4-22m7-2r9j: Mediawiki before 12022-05-14
OSV
CVE-2017-0368: Mediawiki before 12018-04-13

📋Vendor Advisories

2
Red Hat
mediawiki: Make rawHTML mode not apply to system messages2017-01-24
Debian
CVE-2017-0368: mediawiki - Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode a...2017

💬Community

2
Bugzilla
CVE-2017-0368 mediawiki123: mediawiki: Make rawHTML mode not apply to system messages [epel-7]2018-04-20
Bugzilla
CVE-2017-0368 mediawiki: Make rawHTML mode not apply to system messages2018-04-20
CVE-2017-0368 — Improper Input Validation in Mediawiki | cvebase