CVE-2022-34912

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.37.3 MediaWiki versions 1.38.x prior to 1.38.1

Description An issue was discovered where the contributions-title, used on Special:Contributions, is used as a page title without escaping. This can cause problems in non-default configurations where a username contains HTML entities, as it won't be escaped.

Recommendations For MediaWiki versions prior to 1.37.3, update to version 1.37.3 or later. For MediaWiki versions 1.38.x prior to 1.38.1, update to version 1.38.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2022-3361

ALT-PU-2024-11168

ALT-PU-2024-1228

BIT-MEDIAWIKI-2022-34912

CVE-2022-34912

DLA-3117-1

DSA-5246-1

Affected Products

Alt Linux

Mediawiki

CVE-2022-34912

Related Identifiers

Affected Products

References · 21