MediaWiki 1.28.2
Approved changes feed: RSS · Atom
cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*
part: a version: 1.28.2 update: *
| Vendor | Mediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5) |
|---|---|
| Product | Mediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wikimedia/mediawiki |
purl2cpe | 2026-06-01 10:10:57.618550 |
pkg:wikimedia/mediawiki |
purl2cpe | 2026-06-01 10:10:57.618552 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-8815 |
vulnerable | 2026-06-03 14:37:40.656635 |
Details available
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.919Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8814 |
vulnerable | 2026-06-03 14:37:40.655890 |
Details available
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.905Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8812 |
vulnerable | 2026-06-03 14:37:40.655212 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.653Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8811 |
vulnerable | 2026-06-03 14:37:40.654641 |
Details available
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8810 |
vulnerable | 2026-06-03 14:37:40.654035 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8809 |
vulnerable | 2026-06-03 14:37:40.653398 |
Details available
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:21.913Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-8808 |
vulnerable | 2026-06-03 14:37:40.651357 |
Details available
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
Published: 2017-11-15T08:00:00.000Z
Updated: 2024-08-05T16:48:22.553Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.