CVE-2017-8808

CVSS v3.0 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.09 % (40^th)

Affected Products 2

Advisories 3

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Debian GNU/Linux
Published Date: 2017-11-15 08:29:00
(6 years ago)
Updated Date: 2017-11-28 16:29:49
(6 years ago)

Affected Products

Debian

Debian Linux

Mediawiki

Mediawiki

Configuration #1

	CPE23	Up To
Mediawiki 1.27.3 and prior versions	cpe:2.3:a:mediawiki:mediawiki	<= 1.27.3
Mediawiki 1.28.0	cpe:2.3:a:mediawiki:mediawiki:1.28.0
Mediawiki 1.28.1	cpe:2.3:a:mediawiki:mediawiki:1.28.1
Mediawiki 1.28.2	cpe:2.3:a:mediawiki:mediawiki:1.28.2
Mediawiki 1.29.0	cpe:2.3:a:mediawiki:mediawiki:1.29.0
Mediawiki 1.29.1	cpe:2.3:a:mediawiki:mediawiki:1.29.1

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0