BIT-mediawiki-2022-28202

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mediawiki/BIT-mediawiki-2022-28202.json

Aliases

CVE-2022-28202

Published

2024-03-06T11:07:12.265Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
https://phabricator.wikimedia.org/T297543
https://security.gentoo.org/glsa/202305-24
https://www.debian.org/security/2022/dsa-5246

Affected packages

Bitnami / mediawiki

Package

Name: mediawiki

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.35.6

Introduced

1.36.0

Fixed

1.36.4

Introduced

1.37.0

Fixed

1.37.2