Description

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Remediation

References

CVE-2017-8812

Related Vulnerabilities

WordPress Plugin AJS Instagram Feed Cross-Site Scripting (1.0)

WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)

Oracle Database Server CVE-2020-2735 Vulnerability (CVE-2020-2735)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (2.6.6)

WordPress Plugin Lara's Google Analytics Cross-Site Scripting (2.0.4)

Severity

Medium

Classification

CVE-2017-8812 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities