VYPR
Medium severity6.1GHSA Advisory· Published Jan 14, 2025· Updated Jun 17, 2026

CVE-2025-23081

CVE-2025-23081

Description

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mediawiki/data-transferPackagist
>= 1.39.0, < 1.39.111.39.11
mediawiki/data-transferPackagist
>= 1.41.0, < 1.41.31.41.3
mediawiki/data-transferPackagist
>= 1.42.0, < 1.42.21.42.2

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.