CVE-2022-34912
02.07.2022, 20:15
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 < 1.37.3 |
| mediawiki | mediawiki | 1.38.0 |
| mediawiki | mediawiki | 1.38.0:rc0 |
| mediawiki | mediawiki | 1.38.0:rc1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References