CVE-2022-28202

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28202

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28202.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-28202

Aliases

BIT-mediawiki-2022-28202

Related

Published

2022-03-30T06:15:06Z

Modified

2024-09-18T03:23:29.623303Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

Affected packages

Debian:11 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.35.8-1~deb11u1

Affected versions

1:1.*

1:1.35.2-1

1:1.35.3-1

1:1.35.4-1~deb11u1

1:1.35.4-1

1:1.35.4-1+deb11u2

1:1.35.5-1

1:1.35.5-2

1:1.35.6-1

1:1.35.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.35.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.35.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

76572f7b8bc7bd3a9dfb73e3d9a08e56a06266f7

Affected versions

1.*

1.1.0

1.3.0beta1

1.35.0

1.35.0-rc.0

1.35.0-rc.1

1.35.0-rc.2

1.35.0-rc.3

1.35.1

1.35.2

1.35.3

1.35.4

1.35.5

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.6.0