CVE-2022-28202

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28202

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28202.json

Aliases

BIT-mediawiki-2022-28202

Related

DLA-3117-1
DSA-5246-1

Published

2022-03-30T06:15:06Z

Modified

2023-12-06T01:02:10.924766Z

Details

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

https://phabricator.wikimedia.org/T297543
https://security.gentoo.org/glsa/202305-24
https://www.debian.org/security/2022/dsa-5246
https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Fixed

76572f7b8bc7bd3a9dfb73e3d9a08e56a06266f7

Introduced

bc542ec6d8573dfb906b468901799e0017875f1e

Introduced

b5643675baaeec999e68c20fdde1dc8467c7c920