VulnerableCode Package Details - pkg:alpm/archlinux/mediawiki@1.29.1-1

Search for packages

Package details: pkg:alpm/archlinux/mediawiki@1.29.1-1

Essentials
History (24)

purl	pkg:alpm/archlinux/mediawiki@1.29.1-1

Next non-vulnerable version	1.29.2-1
Latest non-vulnerable version	1.38.3-1
Risk	4.4

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-gd5c-rvxf-aaam Aliases: CVE-2017-8812	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-gh8f-mrk4-aaar Aliases: CVE-2017-8810	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-mbfm-pxzx-aaaa Aliases: CVE-2017-8815	The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-qzqa-kqnf-aaak Aliases: CVE-2017-0361	Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-r4f3-hm1w-aaap Aliases: CVE-2017-8808	MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-uuyp-pj3y-aaac Aliases: CVE-2017-8811	The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-w1e2-vvzz-aaam Aliases: CVE-2017-8814	The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."	1.29.2-1 Affected by 0 other vulnerabilities.
VCID-xfq2-pqeb-aaah Aliases: CVE-2017-8809	api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.	1.29.2-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:08.925447+00:00	Arch Linux Importer	Affected by	VCID-qzqa-kqnf-aaak	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.904855+00:00	Arch Linux Importer	Affected by	VCID-r4f3-hm1w-aaap	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.884180+00:00	Arch Linux Importer	Affected by	VCID-xfq2-pqeb-aaah	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.863532+00:00	Arch Linux Importer	Affected by	VCID-gh8f-mrk4-aaar	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.842873+00:00	Arch Linux Importer	Affected by	VCID-uuyp-pj3y-aaac	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.822091+00:00	Arch Linux Importer	Affected by	VCID-gd5c-rvxf-aaam	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.801462+00:00	Arch Linux Importer	Affected by	VCID-w1e2-vvzz-aaam	https://security.archlinux.org/AVG-490	36.0.0
2025-03-28T07:46:08.780943+00:00	Arch Linux Importer	Affected by	VCID-mbfm-pxzx-aaaa	https://security.archlinux.org/AVG-490	36.0.0
2024-09-18T02:01:17.875401+00:00	Arch Linux Importer	Affected by	VCID-qzqa-kqnf-aaak	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.846531+00:00	Arch Linux Importer	Affected by	VCID-r4f3-hm1w-aaap	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.819877+00:00	Arch Linux Importer	Affected by	VCID-xfq2-pqeb-aaah	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.793812+00:00	Arch Linux Importer	Affected by	VCID-gh8f-mrk4-aaar	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.765073+00:00	Arch Linux Importer	Affected by	VCID-uuyp-pj3y-aaac	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.737702+00:00	Arch Linux Importer	Affected by	VCID-gd5c-rvxf-aaam	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.712818+00:00	Arch Linux Importer	Affected by	VCID-w1e2-vvzz-aaam	https://security.archlinux.org/AVG-490	34.0.1
2024-09-18T02:01:17.684295+00:00	Arch Linux Importer	Affected by	VCID-mbfm-pxzx-aaaa	https://security.archlinux.org/AVG-490	34.0.1
2024-01-03T22:27:29.009214+00:00	Arch Linux Importer	Affected by	VCID-qzqa-kqnf-aaak	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.984822+00:00	Arch Linux Importer	Affected by	VCID-r4f3-hm1w-aaap	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.960642+00:00	Arch Linux Importer	Affected by	VCID-xfq2-pqeb-aaah	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.936269+00:00	Arch Linux Importer	Affected by	VCID-gh8f-mrk4-aaar	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.912086+00:00	Arch Linux Importer	Affected by	VCID-uuyp-pj3y-aaac	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.886026+00:00	Arch Linux Importer	Affected by	VCID-gd5c-rvxf-aaam	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.861934+00:00	Arch Linux Importer	Affected by	VCID-w1e2-vvzz-aaam	https://security.archlinux.org/AVG-490	34.0.0rc1
2024-01-03T22:27:28.840563+00:00	Arch Linux Importer	Affected by	VCID-mbfm-pxzx-aaaa	https://security.archlinux.org/AVG-490	34.0.0rc1