BIT-mediawiki-2022-28202
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/mediawiki/BIT-mediawiki-2022-28202.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-mediawiki-2022-28202
- Aliases
- Published
- 2024-03-06T11:07:12.265Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
- Database specific
{ "cpes": [ "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
- https://phabricator.wikimedia.org/T297543
- https://security.gentoo.org/glsa/202305-24
- https://www.debian.org/security/2022/dsa-5246
Affected packages
Bitnami / mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:bitnami/mediawiki
Severity
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator