First published: Wed Mar 30 2022(Updated: )
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/mediawiki | <=1:1.31.16-1+deb10u2 | 1:1.31.16-1+deb10u6 1:1.35.11-1~deb11u1 1:1.35.13-1~deb11u1 1:1.39.4-1~deb12u1 1:1.39.5-1~deb12u1 1:1.39.5-1 |
MediaWiki MediaWiki | <1.35.6 | |
MediaWiki MediaWiki | >=1.36.0<1.36.4 | |
MediaWiki MediaWiki | >=1.37.0<1.37.2 | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.