← back
CVE-2017-0372

Parameters injection in SyntaxHighlight results in multiple vulnerabilities

EPSS 11.7%
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Affected products
mediawiki · mediawiki (SyntaxHighlight extension)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.debian.org/861585https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.htmlhttps://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.htmlhttps://phabricator.wikimedia.org/T158689https://security-tracker.debian.org/tracker/CVE-2017-0372