CVE-2022-28202 log

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Group Package Affected Fixed Severity Status Ticket
AVG-2677 mediawiki 1.37.1-1 1.37.2-1 Medium Fixed
References
https://phabricator.wikimedia.org/T297543