CVE-2022-28202
MEDIUM 6.1 · EPSS 1.1% · Published: 2022/3/30 · Modified: 2026/4/28
Description
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Affected packages (2)
- Bitnami/mediawiki: from 0, < 1.35.6, >= 1.36.0, < 1.36.4, >= 1.37.0, < 1.37.2
- Debian/mediawiki: from 0, < 1:1.35.8-1~deb11u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-28202
- WEB: https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2022-28202
- WEB: https://phabricator.wikimedia.org/T297543
- WEB: https://security.gentoo.org/glsa/202305-24
- WEB: https://www.debian.org/security/2022/dsa-5246