Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

Related bugs and status

CVE-2022-28202 (Candidate) is related to these bugs:

Bug #1960154: Sync mediawiki 1:1.35.5-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1960154	Sync mediawiki 1:1.35.5-2 (universe) from Debian unstable (main)		mediawiki (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://phabricator.wi...
FEDORA: FEDORA-2022-69bc42d6cf
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-5246
GENTOO: GLSA-202305-24