CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

DokuWiki before 2023-04-04a allows XSS via RSS titles.
• https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a https://github.com/dokuwiki/dokuwiki/pull/3967 https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0 https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
• https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6 https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
• https://github.com/splitbrain/dokuwiki/issues/3651 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 29 • EXPL: 2

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
• https://www.exploit-db.com/exploits/11141 http://bugs.splitbrain.org/index.php?do=details&task_id=1847 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html http://secunia.com/advisories/38183 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.debian.org/security/2010/dsa-1976 http://www.exploit-db.com/exploits/11141 http://www.securityfocus.com/bid/37821 http&
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 1% • CPEs: 29 • EXPL: 2

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
• https://www.exploit-db.com/exploits/11141 http://bugs.splitbrain.org/index.php?do=details&task_id=1847 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html http://osvdb.org/61710 http://secunia.com/advisories/38183 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.debian.org/security/2010/dsa-1976 http://www.exploit-db.com/exploits/11141 http://www.s
• CWE-264: Permissions, Privileges, and Access Controls