CVE-2024-42758

A Cross-site Scripting XSS vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is the...

CVE-2024-42758

A Cross-site Scripting XSS vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is the...

MediaWiki authorization error vulnerability (CNVD-2023-29701)

MediaWiki is a free and free-to-use web-based wiki engine from the MediaWiki Foundation, which can be used to deploy in-house knowledge management and content management systems. An authorization error vulnerability exists in the MediaWiki GrowthExperiments extension, which could be exploited by ...

Trac Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

BoltWire 跨站脚本漏洞

BoltWire is a free, versatile wiki-like site engine developed in PHP with repository-like information management capabilities. A cross-site scripting vulnerability exists in BoltWire that allows an attacker to execute arbitrary web script or HTML via a specially crafted payload in the name and la...

KonaWiki3 cross-site scripting vulnerability

KonaWiki3 is a very simple PHP Wiki engine.KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...

CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

Design/Logic Flaw

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVE-2020-15275

Removed by vendor...

Debian Security Advisory DSA 3100-1 (mediawiki - security update)

A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API. OpenVAS Vulnerability Test $Id: deb3100.nasl 6663 2017-07-11 09:58:05Z teissa $ Auto-generated...

Debian: Security Advisory (DSA-3100-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mediawiki: Cross-site Scripting (XSS) and UI redressing

It was discovered that MediaWiki, a wiki engine, was separating the allowance of css and js modules resulting in Cross-site Scripting XSS and UI redressing issues...

Debian Security Advisory DSA 2957-1 (mediawiki - security update)

Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross site scripting attack. OpenVAS Vulnerability Test $Id:...

MoinMoin action/twikidraw.py和action/anywikidraw.py任意代码执行漏洞

BUGTRAQ ID: 57082 CVECAN ID: CVE-2012-6081 MoinMoin是一个基于Python环境的wiki引擎程序，支持包括中文在内的多语种特性。 MoinMoin 1.9.6之前版本中 twikidraw action/twikidraw.py 、anywikidraw action/anywikidraw.py 脚本存在多个文件上传漏洞，可允许具有写权限的、经过身份验证的远程攻击者通过上传带有可执行扩展名的文件，然后直接请求该文件，执行任意代码。 0 MoinMoin Wiki Engine 1.9.3 厂商补丁： MoinMoin --------...

XSS Vulnerabilities in LabWiki

Information -------------------- Name : XSS Vulnerabilities in LabWiki Software : LabWiki 1.5 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Referenc...

LabWiki 1.5 Cross Site Scripting

Information -------------------- Name : XSS Vulnerabilities in LabWiki Software : LabWiki 1.5 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Referenc...

JAMWiki 1.1.4 Cross Site Scripting

Title : JAMWiki 'num' Parameter Cross Site Scripting Vulnerability Author : Sooraj K.S SecPod Technologies www.secpod.com Vendor : http://jamwiki.org/wiki/en/JAMWiki Advisory : http://secpod.org/blog/?p=493 http://secpod.org/advisories/SecPodJamWikiXSSVuln.txt Software : JAMWiki 1.1.4 Date :...

DSA-2022-1 mediawiki - several vulnerabilities

Bulletin has no description...

MoinMoin Wiki Engine XSS Vulnerability

MoinMoin Wiki Engine Cross-Site Scripting Discovered by: SecureState R&D Team sasquatch Website: www.securestate.com Discovered: 01-08-09 Vendor Notified: 01-08-09 Vendor Fix Issued: 01-11-09 http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1 Vendor Fix: Upgrade to version 1.8.1 Public Posting: 01-19-...

Gentoo Security Advisory GLSA 200803-27 (moinmoin)

The remote host is missing updates announced in advisory GLSA 200803-27. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...