CVE-2017-0372
Description
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CWE
- (none)
Affected
- mediawiki / mediawiki (SyntaxHighlight extension) — v=n/a [affected]
CVSS
- (none)
References
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html mailing-list, x_refsource_MLIST
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html mailing-list, x_refsource_MLIST
- https://bugs.debian.org/861585 x_refsource_MISC
- https://phabricator.wikimedia.org/T158689 x_refsource_CONFIRM
- https://security-tracker.debian.org/tracker/CVE-2017-0372 x_refsource_CONFIRM
Source
cvelistV5-main/cves/2017/0xxx/CVE-2017-0372.json