Description

DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.

INFO

Published Date :

2024-10-02T14:22:52.059Z

Last Modified :

2024-10-02T15:12:04.288Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47612 vulnerability.

Vendors Products
Mediawiki
  • Mediawiki
Miraheze
  • Datadump
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47612.

URL Resource
https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch cve-icon cve-icon
https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj cve-icon cve-icon
https://issue-tracker.miraheze.org/T12670 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact