3 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that us...
UBUNTU-CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
CVE-2017-12980
CVE-2017-12980 : DokuWiki versions up to 2017-02-19c are vulnerable to stored XSS via RSS/Atom feeds rendered in /inc/parser/xhtml.php. An attacker can inject JavaScript (e.g., in the dc:creator element) by supplying attacker-controlled data from a feed, leading to script execution in a user’s br...