CVE-2022-28202 Information
Jun 06, 2022
cve
Description
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://phabricator.wikimedia.org/T297543
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM