An XSS issue exists in MediaWiki prior to 1.35.6, 1.36.x prior to 1.36.4, and 1.37.x prior to 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
fedoraproject fedora 36 |
||
debian debian linux 10.0 |