
Search CVE reports



1 – 10 of 38 results


CVE-2024-33103

Medium priority
Ignored

** DISPUTED ** An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference,...

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2023-34408

Medium priority
Needs evaluation

DokuWiki before 2023-04-04a allows XSS via RSS titles.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-3123

Medium priority
Needs evaluation

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-28919

Medium priority
Needs evaluation

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-15474

Medium priority
Ignored

** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary...

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2017-18123

Medium priority
Vulnerable

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2017-12980

Medium priority
Vulnerable

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger...

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2017-12979

Medium priority
Vulnerable

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2017-12583

Medium priority
Vulnerable

DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.

1 affected packages

dokuwiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

CVE-2016-7965

Medium priority
Ignored

DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the...

1 affected packages

dokuwiki

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dokuwiki Ignored Ignored