MediaWiki 1.28.1
Approved changes feed: RSS · Atom
cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*
part: a version: 1.28.1 update: *
| Vendor | Mediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5) |
|---|---|
| Product | Mediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wikimedia/mediawiki |
purl2cpe | 2026-06-01 10:10:57.618547 |
pkg:wikimedia/mediawiki |
purl2cpe | 2026-06-01 10:10:57.618549 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-8815 |
vulnerable | 2026-06-03 14:37:40.656611 |
Details available
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.919Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8814 |
vulnerable | 2026-06-03 14:37:40.655868 |
Details available
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.905Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8812 |
vulnerable | 2026-06-03 14:37:40.655191 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.653Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8811 |
vulnerable | 2026-06-03 14:37:40.654618 |
Details available
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8810 |
vulnerable | 2026-06-03 14:37:40.654013 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8809 |
vulnerable | 2026-06-03 14:37:40.653374 |
Details available
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.913Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8808 |
vulnerable | 2026-06-03 14:37:40.650455 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.553Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-0372 |
vulnerable | 2026-06-03 14:36:18.858836 |
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Published: 2018-04-13T16:00:00.000Z
Updated: 2024-09-16T16:27:46.256Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.