{"id":"CVE-2024-47612","summary":"XSS in Special:DataDump when displaying dump status","details":"DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d.","aliases":["GHSA-h8x8-24c7-r2rj"],"modified":"2025-12-05T06:33:51.311713Z","published":"2024-10-02T14:22:52.059Z","database_specific":{"cwe_ids":["CWE-79","CWE-80"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47612.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47612.json"},{"type":"FIX","url":"https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch"},{"type":"ADVISORY","url":"https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj"},{"type":"WEB","url":"https://issue-tracker.miraheze.org/T12670"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47612"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miraheze/datadump","events":[{"introduced":"0"},{"fixed":"601688ee8e8808a23b102fa305b178f27cbd226d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47612.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"}]}