10 matches found
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
CVE-2022-3123: A reflected XSS vulnerability in DokuWiki (splitbrain/dokuwiki) was present prior to 2022-07-31a. Connected sources confirm affected software is DokuWiki and the issue arises from reflected XSS in user input that can be echoed in responses. Multiple advisories indicate fixes/updat...
Improper Access Control in splitbrain/dokuwiki
Description: Users can access drafts of restricted files if they have create permissions on the same namespace and have the ability to create their own usernames due to the conflicting cache names. This can reveal draft contents, delete draft and overwrite the draft content of the restricted file...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description: Although a security token is present in the delete draft POST request, it is not being checked in the backend by checkSecurityToken CSRF checks. Proof of Concept 1: As a logged-in user, create a draft page; on the data/cache directory of the server run the command to confirm a draft has...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description: An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept: history.pushState('', '', '/') Impact: This vulnerability is capable of forging users to unintentional logout. More Detail: One way GET could be abused here is that a person competito...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description: Another low-severity CSRF (last one, I think) identified on styling page. Proof of Concept: Requests to the following endpoint, used by admins to edit template styling settings, do not contain the sectok CSRF token: POST /doku.php?id=start&do=admin&page=styling Impact: This vulnerability is...