Explore top 10 tips to secure your open-source projects now. Read More
×Multiple security vulnerabilities have been discovered in MediaWiki, a
website engine for collaborative work:
CVE-2017-8808
Cross-site-scripting with non-standard URL escaping and
$wgShowExceptionDetails disabled.
CVE-2017-8809
Reflected file download in API.
CVE-2017-8810
On private wikis the login form didn't distinguish between
login failure due to bad username and bad password.
CVE-2017-8811
It was possible to mangle HTML via raw message parameter
expansion.
CVE-2017-8812
id attributes in headlines allowed raw '>'.
CVE-2017-8814
Language converter could be tricked into replacing text inside tags.
CVE-2017-8815
Unsafe attribute injection via glossary rules in language converter.
For the stable distribution (stretch), these problems have been fixed in
version 1:1.27.4-1~deb9u1.
We recommend that you upgrade your mediawiki packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
f...
Get the latest Linux and open source security news straight to your inbox.