logo

Database

Reflected cross-site scripting (XSS) In mediawiki/data-transfer

Description

Mediawiki - DataTransfer Extension Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS) Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-230812. NVD-2025-230813. OSV-2025-230814. GCVE-2025-23081

References

1. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/10804512. https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/10939313. https://gerrit.wikimedia.org/r/q/I5e1538a3bf66378810f905834c05626e1d2c82f04. https://gerrit.wikimedia.org/r/q/I773c616db781d2f3f30893ad01ef503bf251a2b35. https://gerrit.wikimedia.org/r/q/I7c9de4c8dcdb3276ba923c6bc7c8eef3531324c76. https://gerrit.wikimedia.org/r/q/I9223c31f02f31f1e06e1a8cddf7d539cc8d3a3d97. https://phabricator.wikimedia.org/T379749

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.