A_Smart_Kitten

**Name of the Vulnerable Software and Affected Versions** MediaWiki - UploadWizard extension versions 1.39 through 1.45 **Description** The MediaWiki - UploadWizard extension contains a flaw related to improper input neutralization during web page generation, which could allow for Cross-Site Scripting (XSS). This issue may allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is the UploadWizard extension. **Recommendations** Update to a version later than 1.45.

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.12 MediaWiki versions prior to 1.42.6 MediaWiki versions prior to 1.43.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. It is associated with program files includes/logging/LogPager.php. Recommendations: For versions prior to 1.39.12, update to version 1.39.12 or later. For versions prior to 1.42.6, update to version 1.42.6 or later. For versions prior to 1.43.1, update to version 1.43.1 or later.