VuXML ID | Description |
2fe4b57f-d110-11e1-ac76-10bf48230856 | Dokuwiki -- cross site scripting vulnerability
Secunia Research reports:
Secunia Research has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "ns" POST parameter in lib/exe/ajax.php (when "call"
is set to "medialist" and "do" is set to "media") is not properly
sanitised within the "tpl_mediaFileList()" function in inc/template.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
Discovery: 2012-07-13. Entry: 2012-07-18. Affected package: dokuwiki < 20120125_2
http://secunia.com/advisories/49196/
CVE-2012-0283
|
a04247f1-8d9c-11e1-93c7-00215c6a37bb | Dokuwiki -- cross site scripting vulnerability
Andy Webber reports:
Add User appears to be vulnerable to Cross Site Request Forgery (CSRF/XSRF).
Discovery: 2012-04-17. Entry: 2012-04-23. Affected package: dokuwiki < 20120125_1
CVE-2012-2128
CVE-2012-2129
|
0b535cd0-9b90-11e0-800a-00215c6a37bb | Dokuwiki -- cross site scripting vulnerability
Dokuwiki reports:
We just released a Hotfix Release "2011-05-25a Rincewind".
It contains the following changes:
Security fix for a Cross Site Scripting vulnerability.
Malicious users could abuse DokuWiki's RSS embedding mechanism
to create links containing arbitrary JavaScript. Note: this
security problem is present in at least Anteater and Rincewind
but probably in older releases as well.
Discovery: 2011-06-14. Entry: 2011-06-20. Affected package: dokuwiki < 20110525a
http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
|
7580f00e-280c-11e0-b7c8-00215c6a37bb | dokuwiki -- multiple privilege escalation vulnerabilities
Dokuwiki reports:
This security update fixes problems in the XMLRPC
interface where ACLs were not checked correctly
sometimes, making it possible to access and write
information that should not have been accessible/writable.
This only affects users who have enabled the XMLRPC
interface (default is off) and have enabled XMLRPC
access for users who can't access/write all content
anyway (default is nobody, see http://www.dokuwiki.org/config:xmlrpcuser
for details).
This update also includes a fix for a problem in
the general ACL checking function that could be exploited
to gain access to restricted pages and media files in rare
conditions (when you had rights for an id you could get
the same rights on ids where one character has been
replaced by a ".").
Discovery: 2011-01-16. Entry: 2011-01-24. Affected package: dokuwiki < 20101107a
http://bugs.dokuwiki.org/index.php?do=details&task_id=2136
|