CVE-2024-47612

XSS in Special:DataDump when displaying dump status

Description

DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.

Category

3.5
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.05%
Affected: miraheze DataDump
Published at:
Updated at:

References

Link Tags
https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj
https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch
https://issue-tracker.miraheze.org/T12670

Frequently Asked Questions

What is the severity of CVE-2024-47612?
CVE-2024-47612 has been scored as a low severity vulnerability.
How to fix CVE-2024-47612?
To fix CVE-2024-47612, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-47612 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-47612 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47612?
CVE-2024-47612 affects miraheze DataDump.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.