Unrated severityNVD Advisory· Published Jul 2, 2022· Updated Aug 3, 2024
CVE-2022-34912
CVE-2022-34912
Description
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <1.37.3, 1.38.0
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/mitrevendor-advisory
- security.gentoo.org/glsa/202305-24mitrevendor-advisory
- www.debian.org/security/2022/dsa-5246mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/09/msg00027.htmlmitremailing-list
- phabricator.wikimedia.org/T308473mitre
News mentions
0No linked articles in our index yet.