Detections
Analytics

CVE-2024-47612

low

Description

DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.

References

https://issue-tracker.miraheze.org/T12670

https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj

https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch

Details

Source: Mitre, NVD

Published: 2024-10-02

Updated: 2024-10-04

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 3.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Severity: Low