Impact
Several interface messages are unescaped (more specifically, datadump-table-column-queued, datadump-table-column-in-progress, datadump-table-column-completed and datadump-table-column-failed). If these messages are edited (which requires the editinterface right by default), anyone who can view Special:DataDump (which requires the view-dump right by default) can be XSSed.
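As an added illustration (not DataDump's own code, and using a constructed in-memory message store in place of MediaWiki's Message class), the following PHP shows the unescaped rendering pattern behind this advisory beside its escaped form, using the four message keys named above:

```php
<?php
// Added illustration, not DataDump's own code. It models how a table header row
// on Special:DataDump is built from the four interface messages in the advisory,
// with a constructed array standing in for the wiki's MediaWiki: namespace. In
// real MediaWiki code the unescaped path corresponds to Message::text() dropped
// into HTML (or Html::rawElement()); the safe path to Message::escaped() or Html::element().

// Constructed sample store: the 'failed' message has been edited to contain
// markup, which is what an editinterface holder can do to the real message page.
const MESSAGES = [
    'datadump-table-column-queued'      => 'Queued',
    'datadump-table-column-in-progress' => 'In progress',
    'datadump-table-column-completed'   => 'Completed',
    'datadump-table-column-failed'      => 'Failed <script>/* injected */</script>',
];

// Stand-in for $this->msg( $key )->text(): the raw, unescaped message content.
function msgText( string $key ): string {
    return MESSAGES[$key] ?? "⧼$key⧽";
}

// Stand-in for $this->msg( $key )->escaped(): the same content HTML-escaped.
function msgEscaped( string $key ): string {
    return htmlspecialchars( msgText( $key ), ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

// Vulnerable rendering: message text concatenated straight into the markup, so
// whatever an editor put into the message becomes part of the served page.
function renderHeaderRowUnescaped(): string {
    $cells = array_map( fn( $k ) => '<th>' . msgText( $k ) . '</th>', array_keys( MESSAGES ) );
    return '<tr>' . implode( '', $cells ) . '</tr>';
}

// Fixed rendering: identical row, but each message is escaped on output, so the
// edited message is displayed as literal text instead of being interpreted.
function renderHeaderRowEscaped(): string {
    $cells = array_map( fn( $k ) => '<th>' . msgEscaped( $k ) . '</th>', array_keys( MESSAGES ) );
    return '<tr>' . implode( '', $cells ) . '</tr>';
}

// Regression check a maintainer could keep: no raw tag from any interface
// message may survive into the rendered row.
function messageMarkupLeaked( string $html ): bool {
    return strpos( $html, '<script>' ) !== false;
}

echo "unescaped: ", renderHeaderRowUnescaped(), "\n";
echo "escaped:   ", renderHeaderRowEscaped(), "\n";
echo "leak in unescaped row: ", var_export( messageMarkupLeaked( renderHeaderRowUnescaped() ), true ), "\n";
echo "leak in escaped row:   ", var_export( messageMarkupLeaked( renderHeaderRowEscaped() ), true ), "\n";
```

Run with `php example.php`; the check function is what a unit test for the fixed rendering would assert on.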
Patches
You should either update DataDump to the latest version or apply the patch.
Workarounds
If an interface administrator (or equivalent) level protection is available (which is not provided by default), protect the affected messages up to that level. This causes the XSS to be virtually useless, as users with those rights can already edit JavaScript pages.
References