4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.129 Low
EPSS
Percentile
95.4%
DokuWiki reports:
The spellchecker tests the UTF-8 capabilities of the used browser
by sending an UTF-8 string to the backend, which will send it back
unfiltered. By comparing string length the spellchecker can work
around broken implementations. An attacker could construct a form to
let users send JavaScript to the spellchecker backend, resulting in
malicious JavaScript being executed in their browser.
Affected are all versions up to and including 2007-06-26 even when
the spell checker is disabled.