
We found results for “”
CVE-2022-28202
Good to know:

Date: March 29, 2022
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Language: PHP
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version mediawiki/core - 1.35.6;mediawiki/core - 1.33.0-rc.0;mediawiki/core - dev-wmf/1.34.0-wmf.10;mediawiki/core - 1.23.0-rc.1;mediawiki/core - 1.30.1;mediawiki/core - dev-sandbox/hashar/hexmode;mediawiki/core - 1.27.5;mediawiki/core - dev-wmf/1.36.0-wmf.10;mediawiki/core - 1.31.1;mediawiki/core - dev-sandbox/urbanecm/community-configuration;mediawiki/core - dev-wmf/1.35.0-wmf.1;mediawiki/core - no_fix;mediawiki/core - 1.32.0-rc.1;mediawiki/core - 1.32.1;mediawiki/core - dev-REL1_35;mediawiki/core - 1.29.3;mediawiki/core - 1.36.4;weicms/doc - no_fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |