First published: Fri Apr 29 2022(Updated: )
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wikimedia MediaWiki | <=1.37.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29907 has been classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
To fix CVE-2022-29907, upgrade MediaWiki to version 1.37.3 or later which contains the necessary security patch.
CVE-2022-29907 is classified as a cross-site scripting (XSS) vulnerability.
CVE-2022-29907 affects MediaWiki versions up to and including 1.37.2.
CVE-2022-29907 can allow an attacker to execute arbitrary scripts in the context of a victim's browser, potentially leading to data theft or session hijacking.