Dokuwiki Security Vulnerabilities and Issues — Dokuwiki CVE List

Lucene search

Andreas GohrDokuwiki

5 matches found

CVE•added 2012/08/27 9:55 p.m.•146 views

CVE-2012-2129

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

4.3CVSS5.5AI score0.0083EPSS

CVE•added 2012/07/13 9:55 p.m.•40 views

CVE-2012-0283

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

4.3CVSS5.5AI score0.00516EPSS

CVE•added 2006/06/12 8:6 p.m.•39 views

CVE-2006-2945

Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.

4CVSS6.1AI score0.00284EPSS

CVE•added 2006/03/12 9:2 p.m.•37 views

CVE-2006-1165

Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."

4.3CVSS5.6AI score0.00427EPSS

CVE•added 2007/01/29 5:28 p.m.•37 views

CVE-2006-6965

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

4.3CVSS6.2AI score0.00632EPSS