Mediawiki: >> Mediawiki >> 1.25.4 Security Vulnerabilities
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
CVSS Score
5.3
EPSS Score
0.008
Published
2017-11-15
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
CVSS Score
7.5
EPSS Score
0.008
Published
2017-11-15
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-11-15
Page 18