Search CVE reports
1 – 10 of 38 results
CVE-2024-33103
Medium priority
** DISPUTED ** An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference,...
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-34408
Medium priority
DokuWiki before 2023-04-04a allows XSS via RSS titles.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-3123
Medium priority
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-28919
Medium priority
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-15474
Medium priority
** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary...
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2017-18123
Medium priority
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-12980
Medium priority
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger...
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-12979
Medium priority
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-12583
Medium priority
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2016-7965
Medium priority
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the...
1 affected package
dokuwiki
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dokuwiki | — | — | — | Ignored | Ignored |