Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-47612

Good to know:

icon

Date: October 2, 2024

DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.

Language: PHP

Severity Score

Related Resources (5)

https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch
https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj
https://issue-tracker.miraheze.org/T12670
https://nvd.nist.gov/vuln/detail/CVE-2024-47612
https://www.mend.io/vulnerability-database/CVE-2024-47612

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

Top Fix

icon

Upgrade Version

Upgrade to version miraheze/data-dump - dev-failed-comments;miraheze/data-dump - dev-chunking;miraheze/data-dump - dev-dependabot/composer/mediawiki/mediawiki-codesniffer-45.0.0;miraheze/data-dump - dev-service;miraheze/data-dump - dev-dependabot/composer/mediawiki/mediawiki-phan-config-0.15.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us