Description

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

Remediation

References

CVE-2017-8814

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501)

WordPress Plugin Email Artillery (MASS EMAIL) Multiple Vulnerabilities (4.1)

WordPress Plugin Shortcode Factory Local File Inclusion (2.7)

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

Severity

High

Classification

CVE-2017-8814 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities