PT-2024-32673 · Mediawiki · Datadump
Blankeclair · Published 2024-10-02 · Updated 2024-10-04 · CVE-2024-47612
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DataDump versions prior to 601688ee8e8808a23b102fa305b178f27cbd226d
Description
The DataDump MediaWiki extension is vulnerable to cross-site scripting (XSS) because several interface messages are output without HTML escaping, specifically datadump-table-column-queued, datadump-table-column-in-progress, datadump-table-column-completed, and datadump-table-column-failed. Anyone who can edit these messages (the editinterface right, by default) can place markup in them that is rendered in the browser of any user who views Special:DataDump (the view-dump right, by default).
Recommendations
For versions prior to 601688ee8e8808a23b102fa305b178f27cbd226d, update to a version that includes the fix commit 601688ee8e8808a23b102fa305b178f27cbd226d. As a temporary workaround, restrict the editinterface right to prevent unauthorized editing of interface messages, and limit access to Special:DataDump to reduce exposure.
Exploit
Fix
XSS
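The stand-alone PHP below is an added illustration of the escaping defect described above and of the workaround period; it is not the DataDump extension's own code and not the contents of commit 601688ee8e8808a23b102fa305b178f27cbd226d. The four message keys are the ones named in the advisory; the message contents, the function names (renderHeaderVulnerable, renderHeaderFixed, findMarkupInMessages) and the sample edited message are constructed for this example. MediaWiki's Message and Html classes are referred to in comments only, so the script runs without a MediaWiki install.

```php
<?php
declare(strict_types=1);

// Constructed sample of the four interface messages named in the advisory,
// as they might look after someone with the editinterface right has edited
// MediaWiki:Datadump-table-column-completed to contain raw HTML.
// This is an illustration, not the DataDump extension's own message table.
$messages = [
    'datadump-table-column-queued'      => 'Queued',
    'datadump-table-column-in-progress' => 'In progress',
    'datadump-table-column-completed'   => 'Completed<script>alert(1)</script>',
    'datadump-table-column-failed'      => 'Failed',
];

/**
 * Vulnerable pattern: the message text is concatenated into HTML verbatim.
 * In MediaWiki this is the shape of '<th>' . $this->msg( $key )->text() . '</th>',
 * where Message::text() returns the raw, unescaped message.
 */
function renderHeaderVulnerable( array $messages ): string {
    $html = '<tr>';
    foreach ( $messages as $text ) {
        $html .= '<th>' . $text . '</th>';
    }
    return $html . '</tr>';
}

/**
 * Hardened pattern: the message is HTML-encoded before insertion, so markup
 * placed in an edited message is shown as text instead of being interpreted.
 * The MediaWiki equivalents are Message::escaped(), or
 * Html::element( 'th', [], $this->msg( $key )->text() ), both of which encode.
 */
function renderHeaderFixed( array $messages ): string {
    $html = '<tr>';
    foreach ( $messages as $text ) {
        $html .= '<th>' . htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' ) . '</th>';
    }
    return $html . '</tr>';
}

/**
 * Audit helper for the workaround period: returns the message keys whose
 * current content contains markup, so an administrator can review the
 * MediaWiki:-namespace overrides while editinterface is being restricted.
 */
function findMarkupInMessages( array $messages ): array {
    $flagged = [];
    foreach ( $messages as $key => $text ) {
        if ( $text !== strip_tags( $text ) ) {
            $flagged[] = $key;
        }
    }
    return $flagged;
}

$vulnerable = renderHeaderVulnerable( $messages );
$fixed      = renderHeaderFixed( $messages );

// Self-check: the raw script tag survives in the vulnerable output only.
if ( !str_contains( $vulnerable, '<script>' ) || str_contains( $fixed, '<script>' ) ) {
    throw new RuntimeException( 'unexpected rendering result' );
}
if ( findMarkupInMessages( $messages ) !== [ 'datadump-table-column-completed' ] ) {
    throw new RuntimeException( 'audit helper did not flag the edited message' );
}

echo "vulnerable: {$vulnerable}\n";
echo "fixed:      {$fixed}\n";
echo "flagged:    " . implode( ', ', findMarkupInMessages( $messages ) ) . "\n";
```

On a live wiki the messages are pages in the MediaWiki: namespace, so the audit amounts to reading those four pages (or the wiki's recent changes in that namespace) rather than an in-memory array. The workaround of restricting editinterface is applied through $wgGroupPermissions in LocalSettings.php; the code fix is the only change that removes the injection point itself.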
Related Identifiers
Affected Products
Datadump