CVE-2022-28202
Summary
| CVE | CVE-2022-28202 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-30 06:15:00 UTC |
| Updated | 2023-11-07 03:45:00 UTC |
| Description | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5246-1 mediawiki | DEBIAN | www.debian.org | |
| ⚓ T297543 CVE-2022-: Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete | MISC | phabricator.wikimedia.org | |
| [SECURITY] Fedora 36 Update: mediawiki-1.37.2-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] [DLA 3117-1] mediawiki security update | MLIST | lists.debian.org | |
| MediaWiki: Multiple Vulnerabilities (GLSA 202305-24) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 36 Update: mediawiki-1.37.2-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181071 Debian Security Update for mediawiki (DLA 3117-1)
- 181110 Debian Security Update for mediawiki (DSA 5246-1)
- 183688 Debian Security Update for mediawiki (CVE-2022-28202)
- 282870 Fedora Security Update for mediawiki (FEDORA-2022-69bc42d6cf)
- 690827 Free Berkeley Software Distribution (FreeBSD) Security Update for mediawiki (79ea6066-b40e-11ec-8b93-080027b24e86)
- 710731 Gentoo Linux MediaWiki Multiple Vulnerabilities (GLSA 202305-24)