CVE-2022-28202

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-28202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-28202
Aliases
Downstream
Related
Published
2022-03-30T06:15:06.980Z
Modified
2026-02-13T00:41:10.448081Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
76572f7b8bc7bd3a9dfb73e3d9a08e56a06266f7
Introduced
b5643675baaeec999e68c20fdde1dc8467c7c920
Fixed
364e92c494bf4f60c6ed4a876262d46c570c0770
Introduced
bc542ec6d8573dfb906b468901799e0017875f1e
Fixed
0ab2de45d1de5e84eace4ab210b6b67b4fc4bf9d

Affected versions

1.*
1.36.0
1.36.1
1.36.2
1.36.3
1.37.0
1.37.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28202.json"