Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mediawiki (SyntaxHighlight extension) by mediawiki

    CVE-2017-0372 (GCVE-0-2017-0372)

    Vulnerability from nvd – Published: 2018-04-13 16:00 – Updated: 2024-09-16 16:27
    VLAI
    Title
    Parameters injection in SyntaxHighlight results in multiple vulnerabilities
    Summary
    Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • parameter injection
    Assigner
    References
    Impacted products
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:57.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
              },
              {
                "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/861585"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://phabricator.wikimedia.org/T158689"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mediawiki (SyntaxHighlight extension)",
              "vendor": "mediawiki",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "parameter injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-13T15:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/861585"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://phabricator.wikimedia.org/T158689"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
            }
          ],
          "source": {
            "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
            "discovery": "UNKNOWN"
          },
          "title": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
              "ID": "CVE-2017-0372",
              "STATE": "PUBLIC",
              "TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mediawiki (SyntaxHighlight extension)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "mediawiki"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "parameter injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
                  "refsource": "MLIST",
                  "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
                },
                {
                  "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
                  "refsource": "MLIST",
                  "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
                },
                {
                  "name": "https://bugs.debian.org/861585",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/861585"
                },
                {
                  "name": "https://phabricator.wikimedia.org/T158689",
                  "refsource": "CONFIRM",
                  "url": "https://phabricator.wikimedia.org/T158689"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2017-0372",
                  "refsource": "CONFIRM",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
                }
              ]
            },
            "source": {
              "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2017-0372",
        "datePublished": "2018-04-13T16:00:00.000Z",
        "dateReserved": "2016-11-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:27:46.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0372 (GCVE-0-2017-0372)

    Vulnerability from cvelistv5 – Published: 2018-04-13 16:00 – Updated: 2024-09-16 16:27
    VLAI
    Title
    Parameters injection in SyntaxHighlight results in multiple vulnerabilities
    Summary
    Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • parameter injection
    Assigner
    References
    Impacted products
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:57.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
              },
              {
                "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/861585"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://phabricator.wikimedia.org/T158689"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mediawiki (SyntaxHighlight extension)",
              "vendor": "mediawiki",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "parameter injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-13T15:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
            },
            {
              "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/861585"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://phabricator.wikimedia.org/T158689"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
            }
          ],
          "source": {
            "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
            "discovery": "UNKNOWN"
          },
          "title": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
              "ID": "CVE-2017-0372",
              "STATE": "PUBLIC",
              "TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mediawiki (SyntaxHighlight extension)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "mediawiki"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "parameter injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
                  "refsource": "MLIST",
                  "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
                },
                {
                  "name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
                  "refsource": "MLIST",
                  "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
                },
                {
                  "name": "https://bugs.debian.org/861585",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/861585"
                },
                {
                  "name": "https://phabricator.wikimedia.org/T158689",
                  "refsource": "CONFIRM",
                  "url": "https://phabricator.wikimedia.org/T158689"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2017-0372",
                  "refsource": "CONFIRM",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
                }
              ]
            },
            "source": {
              "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2017-0372",
        "datePublished": "2018-04-13T16:00:00.000Z",
        "dateReserved": "2016-11-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:27:46.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }