GCVE - cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*

part: a version: 1.27.0 update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.618510
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.618511

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-0372`	vulnerable	2026-06-03 14:36:18.856776	Parameters injection in SyntaxHighlight results in multiple vulnerabilities Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. Published: 2018-04-13T16:00:00.000Z Updated: 2024-09-16T16:27:46.256Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html https://bugs.debian.org/861585 https://phabricator.wikimedia.org/T158689 https://security-tracker.debian.org/tracker/CVE-2017-0372	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6337`	vulnerable	2026-06-03 14:35:57.691844	Details available MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.198Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T139670 https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6336`	vulnerable	2026-06-03 14:35:57.691530	Details available MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.386Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T132926	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6335`	vulnerable	2026-06-03 14:35:57.691063	Details available MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:18.431Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T139570 https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T139565	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6334`	vulnerable	2026-06-03 14:35:57.690473	Details available Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.371Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98057 https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T137264	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6333`	vulnerable	2026-06-03 14:35:57.689986	Details available Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.303Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T133147 http://www.securityfocus.com/bid/98053	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6332`	vulnerable	2026-06-03 14:35:57.689470	Details available MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.298Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T129738	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6331`	vulnerable	2026-06-03 14:35:57.688877	Details available ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php. Published: 2017-04-20T17:00:00.000Z Updated: 2024-08-06T01:29:19.952Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html https://bugzilla.redhat.com/show_bug.cgi?id=1369613 https://phabricator.wikimedia.org/T115333	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.