CVE-2022-29907
MEDIUMMediaWiki < 1.37.2 - Cross-Site Scripting in Nimbus Skin Advertise Link Messages
Title source: llmDescription
The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://phabricator.wikimedia.org/T306815
Vendor Advisory x_refsource_misc
https://gerrit.wikimedia.org/r/c/786959
Scores
CVSS v3
6.1
EPSS
0.0025
EPSS Percentile
47.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mediawiki/mediawiki
< 1.37.2
Published
Apr 29, 2022
Tracked Since
Feb 18, 2026