CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-0283
https://notcve.org/view.php?id=CVE-2012-0283
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función tpl_mediaFileList en inc/template.php en DokuWiki anterior a 2012-01-25b, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro ns en una acción medialist para lib/exe/ajax.php. • http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://secunia.com/secunia_research/2012-24 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.securityfocus.com/bid/54439 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3727
https://notcve.org/view.php?id=CVE-2011-3727
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. DokuWiki v2009-12-25c permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con lib/tpl/index.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.mandriva.com/security/a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2510
https://notcve.org/view.php?id=CVE-2011-2510
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un link. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html http://secunia.com/advisories/45009 http://secunia.com/advisories/45190 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html http://www.debian.org/security/2011/dsa-2320 http://www.dokuwiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 2CVE-2010-0287 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. Vulnerabilidad de salto de directorio en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a usuarios remotos listar los contenidos de directorios de su elección a través de .. (punto punto) en el parámetro ns. • https://www.exploit-db.com/exploits/11141 http://bugs.splitbrain.org/index.php?do=details&task_id=1847 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html http://secunia.com/advisories/38183 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.debian.org/security/2010/dsa-1976 http://www.exploit-db.com/exploits/11141 http://www.securityfocus.com/bid/37821 http& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 2CVE-2010-0288 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las restricciones de ACL actuales, como se ha demostrado en Enero del 2010. • https://www.exploit-db.com/exploits/11141 http://bugs.splitbrain.org/index.php?do=details&task_id=1847 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html http://osvdb.org/61710 http://secunia.com/advisories/38183 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.debian.org/security/2010/dsa-1976 http://www.exploit-db.com/exploits/11141 http://www.s • CWE-264: Permissions, Privileges, and Access Controls •