Cross-Site Scripting Vulnerability in DataDump MediaWiki Extension
CVE-2024-47612

Currently unrated

Key Information:

Vendor: Miraheze

CVE Published: 2 October 2024

What is CVE-2024-47612?

The DataDump extension for MediaWiki contains a Cross-Site Scripting (XSS) vulnerability caused by improper handling of interface messages. Specifically, messages such as datadump-table-column-queued and others are output unescaped, and they can be exploited when users with editing rights modify them. This allows individuals who can access Special:DataDump to trigger XSS attacks, potentially compromising user sessions and sensitive data. A patch has been implemented to address this issue in the DataDump extension.
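The bug class described above, as an added illustration that is not code from DataDump, MediaWiki or the patch: a minimal model of an editable interface message being written into a table cell raw versus escaped. The function names, the message store arrays and the sample override are all assumptions constructed for this example; only the message key comes from the advisory.

```php
<?php
// Illustrative model only; not DataDump or MediaWiki source code.

// Default message text shipped with the software (constructed value).
$defaults = [
    'datadump-table-column-queued' => 'Queued',
];

// On-wiki overrides, changeable by users with rights to edit interface
// messages. Constructed sample: markup where plain text is expected.
$overrides = [
    'datadump-table-column-queued' => 'Queued<script>/* constructed marker */</script>',
];

/** Resolve a message key; an on-wiki override wins over the default. */
function messageText(string $key, array $defaults, array $overrides): string
{
    return $overrides[$key] ?? $defaults[$key] ?? $key;
}

/** Vulnerable pattern: message text is concatenated into HTML unchanged. */
function renderCellRaw(string $text): string
{
    return '<td>' . $text . '</td>';
}

/** Hardened pattern: message text is HTML-escaped at the point of output. */
function renderCellEscaped(string $text): string
{
    return '<td>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

/** Check a rendered cell: true if the message introduced any tag of its own. */
function cellContainsInjectedMarkup(string $cellHtml): bool
{
    // Strip the wrapper this code emits; any remaining "<" came from the message.
    $inner = substr($cellHtml, strlen('<td>'), -strlen('</td>'));
    return strpos($inner, '<') !== false;
}

$text = messageText('datadump-table-column-queued', $defaults, $overrides);

foreach (['raw' => renderCellRaw($text), 'escaped' => renderCellEscaped($text)] as $mode => $html) {
    printf("%-8s %s\n         injected markup: %s\n",
        $mode, $html, cellContainsInjectedMarkup($html) ? 'yes' : 'no');
}
```

In MediaWiki code the same distinction shows up as the choice of output method on a message object, for example `Message::text()` versus `Message::escaped()`; which call sites the DataDump patch changed is not stated on this page.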
