An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/ | |
https://phabricator.wikimedia.org/T297543 | Issue Tracking Patch Vendor Advisory |
https://security.gentoo.org/glsa/202305-24 | |
https://www.debian.org/security/2022/dsa-5246 | Third Party Advisory |
History
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
References | | |
21 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | |
28 Oct 2022, 19:01
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5246 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
First Time | Fedoraproject, Debian debian Linux, Debian, Fedoraproject fedora |
06 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | |
22 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References | |
26 Jun 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | |
05 Apr 2022, 18:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS | v2 : v3 : | v2 : 4.3 v3 : 6.1 |
CPE | cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* | |
First Time | Mediawiki, Mediawiki mediawiki | |
References | (MISC) https://phabricator.wikimedia.org/T297543 - Issue Tracking, Patch, Vendor Advisory |
30 Mar 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-30 06:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28202
Mitre link : CVE-2022-28202
CVE.ORG link : CVE-2022-28202
Products Affected
fedoraproject
- fedora
debian
- debian_linux
mediawiki
- mediawiki
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')