Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mediawiki/data-transfer(Packagist) | 1.39.0 | 1.39.11 | N/A |
| mediawiki/data-transfer(Packagist) | 1.41.0 | 1.41.3 | N/A |
| mediawiki/data-transfer(Packagist) | 1.42.0 | 1.42.2 | N/A |
CVSS Metrics
