Merge pull request #4971 from github/Rudloff-GHSA-6h86-9r5g-f2h5

advisory-database[bot] · web-flow · commit 811ff0608266 · 2024-11-01T23:10:25.000Z
diff --git a/advisories/unreviewed/2022/05/GHSA-6h86-9r5g-f2h5/GHSA-6h86-9r5g-f2h5.json b/advisories/unreviewed/2022/05/GHSA-6h86-9r5g-f2h5/GHSA-6h86-9r5g-f2h5.json
@@ -1,17 +1,33 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h86-9r5g-f2h5",
-  "modified": "2022-05-17T04:07:54Z",
+  "modified": "2023-01-28T05:01:14Z",
   "published": "2022-05-17T04:07:54Z",
   "aliases": [
     "CVE-2014-2853"
   ],
+  "summary": "Cross-site scripting vulnerability in includes/actions/InfoAction.php",
   "details": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.",
   "severity": [
 
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "mediawiki/core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
   ],
   "references": [
     {
@@ -30,6 +46,10 @@
       "type": "WEB",
       "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/wikimedia/mediawiki"
+    },
     {
       "type": "WEB",
       "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8"
