vulnerability
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-28202)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Mar 30, 2022 | Apr 7, 2022 | Nov 27, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Mar 30, 2022
Added
Apr 7, 2022
Modified
Nov 27, 2024
Description
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Solution(s)
mediawiki-upgrade-1_35_6mediawiki-upgrade-1_36_4mediawiki-upgrade-1_37_2
References
- CVE-2022-28202
- https://attackerkb.com/topics/CVE-2022-28202
- URL-https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
- URL-https://phabricator.wikimedia.org/T297543
- URL-https://security.gentoo.org/glsa/202305-24
- URL-https://www.debian.org/security/2022/dsa-5246
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.