MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-28202
Reference:
CVE-2022-28202
Title:
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
An XSS issue was discovered in MediaWiki before 1.35.6 1.36.x before 1.36.4 and 1.37.x before 1.37.2. The widthheight widthheightpage and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.