CVE-2024-47612

Summary

CVE-2024-47612 is a vulnerability found in the DataDump MediaWiki extension that allows for potential cross-site scripting (XSS) attacks due to unescaped interface messages. Affected products include those utilizing the DataDump extension, which requires specific user permissions for access. To remediate this issue, users should apply the fix identified in commit 601688ee8e8808a23b102fa305b178f27cbd226d. The vulnerability has a low severity score of 3.5 but requires high privileges and user interaction, indicating that it poses a moderate risk primarily to users who have edit rights and can access Special:DataDump. If exploited, it could lead to minor integrity impacts and expose sensitive information to unauthorized users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.