CVE-2017-8812

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.27.4 MediaWiki versions 1.28.x prior to 1.28.3 MediaWiki versions 1.29.x prior to 1.29.2

Description The issue allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

Recommendations For MediaWiki versions prior to 1.27.4, update to version 1.27.4 or later. For MediaWiki versions 1.28.x prior to 1.28.3, update to version 1.28.3 or later. For MediaWiki versions 1.29.x prior to 1.29.2, update to version 1.29.2 or later.