← Back

CVE-2017-8814

nvd nist
Published: Nov 15, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

Affected (7)

Mediawiki
1 product
Mediawiki
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Mediawiki
Mediawiki
Up to 1.27.3
Mediawiki
Version 1.28.0
Mediawiki
Version 1.28.1
Mediawiki
Version 1.28.2
Mediawiki
Version 1.29.0
Mediawiki
Version 1.29.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Mailing ListPatchVendor Advisory
Source: security@debian.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.