Lucene search
Veracode Vulnerability DatabaseVERACODE:36280HistoryJul 06, 2022 - 9:34 p.m.
Cross-Site Scripting (XSS)
2022-07-0621:34:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
cross-site scripting
mediawiki
vulnerability
specialcreateaccount.php
javascript injection
EPSS
0.003
Percentile
68.7%
mediawiki is vulnerable to cross-site scripting. The vulnerability exsits in showSuccessPage function in SpecialCreateAccount.php because the username is not properly escaped which allows an attacker to inject and execute javascript.
References
github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw
lists.debian.org/debian-lts-announce/2022/09/msg00027.html
lists.fedoraproject.org/archives/list/[email protected]/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
lists.fedoraproject.org/archives/list/[email protected]/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
phabricator.wikimedia.org/T308471
security-tracker.debian.org/tracker/CVE-2022-34911
security.gentoo.org/glsa/202305-24
www.debian.org/security/2022/dsa-5246
Related
osv
osv
CVE-2022-34911
2022-07-02 20:15:08
BIT-mediawiki-2022-34911
2024-03-06 11:04:48
mediawiki - security update
2022-09-22 00:00:00
openvas
openvas
Fedora: Security Advisory for mediawiki (FEDORA-2022-bca2c95559)
2022-09-13 00:00:00
debiancve
debiancve
CVE-2022-34911
2022-07-02 20:15:08
nvd
nvd
CVE-2022-34911
2022-07-02 20:15:08
ubuntucve
ubuntucve
CVE-2022-34911
2022-07-02 00:00:00
cvelist
cvelist
CVE-2022-34911
2022-07-02 00:00:00
prion
prion
Code injection
2022-07-02 20:15:00
redhatcve
redhatcve
CVE-2022-34911
2022-08-01 05:39:58
cve
cve
CVE-2022-34911
2022-07-02 20:15:08
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.2-1.fc37
2022-09-12 17:57:50
[SECURITY] Fedora 36 Update: mediawiki-1.37.4-1.fc36
2022-09-09 11:23:50
debian
debian
[SECURITY] [DLA 3117-1] mediawiki security update
2022-09-22 14:38:08
[SECURITY] [DSA 5246-1] mediawiki security update
2022-10-04 18:53:33
nessus
nessus
Debian DLA-3117-1 : mediawiki - LTS security update
2022-09-25 00:00:00
Debian DSA-5246-1 : mediawiki - security update
2022-10-05 00:00:00
GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities
2023-05-21 00:00:00
gentoo
gentoo
MediaWiki: Multiple Vulnerabilities
2023-05-21 00:00:00