CVE-2022-28202

Published: 30/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An XSS issue exists in MediaWiki prior to 1.35.6, 1.36.x prior to 1.36.4, and 1.37.x prior to 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

Vulnerable Product

mediawiki mediawiki

fedoraproject fedora 36

debian debian linux 10.0

Vendor Advisories

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in restriction bypass, information leaks, cross-site scripting or denial of service. For the stable distribution (bullseye), these problems have been fixed in version 1:1.35.8-1~deb11u1. We recommend that you upgrade your mediawiki pac ...
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete ...