First published: Wed Mar 30 2022
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/mediawiki | <=1:1.31.16-1+deb10u2 | 1:1.31.16-1+deb10u6, 1:1.35.11-1~deb11u1, 1:1.35.13-1~deb11u1, 1:1.39.4-1~deb12u1, 1:1.39.5-1~deb12u1, 1:1.39.5-1 |
Wikimedia MediaWiki | <1.35.6 | |
Wikimedia MediaWiki | >=1.36.0, <1.36.4 | |
Wikimedia MediaWiki | >=1.37.0, <1.37.2 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 | |