CVE-2024-47612

CVSS V2 None CVSS V3 None
Description
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.
Overview
  • CVE ID
  • CVE-2024-47612
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-02T14:22:52.059Z
  • Last Modified Date
  • 2024-10-02T15:12:04.288Z
History
Created Old Value New Value Data Type Notes
2024-10-06 23:41:38 Added to TrackCVE