24 results (0.076 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-33103

https://notcve.org/view.php?id=CVE-2024-33103

30 Apr 2024 — An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product. Una vulnerabilidad de carga de archivos arbitrarios en el componente Media Manager de DokuWiki 2024-02-06a permite a los atacantes ejecutar código arbitrario cargando un archivo SVG manipulado. NOTA: com... • https://github.com/dokuwiki/dokuwiki/issues/4267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-34408

https://notcve.org/view.php?id=CVE-2023-34408

05 Jun 2023 — DokuWiki before 2023-04-04a allows XSS via RSS titles. DokuWiki antes de la fecha 04-04-2023 permite ataques de Cross-Site Scripting (XSS) a través de títulos RSS. • https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-3123 – Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki

https://notcve.org/view.php?id=CVE-2022-3123

05 Sep 2022 — Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio GitHub splitbrain/dokuwiki versiones anteriores a 2022-07-31a • https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-28919

https://notcve.org/view.php?id=CVE-2022-28919

12 May 2022 — HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. Se ha detectado que HTMLCreator versión release_stable_2020-07-29, contiene una vulnerabilidad de cross-site scripting (XSS) por medio de la función _generateFilename • https://github.com/splitbrain/dokuwiki/issues/3651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 4

CVE-2018-15474 – DokuWiki 2018-04-22a Greebo Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2018-15474

06 Sep 2018 — CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki. ** EN DISPUTA ** Inyección CSV (también conocida como Excel Macro Injection o Formula Injection) en /lib/plugins/usermanager/admin.php en DokuWiki 2018-04-22a y anteriores... • https://packetstorm.news/files/id/149260 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2

CVE-2017-18123

https://notcve.org/view.php?id=CVE-2017-18123

03 Feb 2018 — The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. El parámetro call de /lib/exe/ajax.php en DokuWiki hasta 2017-02-19e no cifra correctamente las entradas de usuario, lo que conduce a una vulnerabilidad de descarga de archivos reflejada y permite que atacantes remotos ejecuten programas arbitrarios. • https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-12979

https://notcve.org/view.php?id=CVE-2017-12979

21 Aug 2017 — DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. DokuWiki en su versión 2017-02-19c tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) cuando presenta un nombre de lenguaje malicioso en un elemento del código en /inc/parser/xhtml.php. Un atacante puede crear o editar una wiki con este elemento para desencadenar la ejecución de Java... • https://github.com/splitbrain/dokuwiki/issues/2080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-12980

https://notcve.org/view.php?id=CVE-2017-12980

21 Aug 2017 — DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. DokuWiki en su versión 2017-02-19c tiene XSS almacenado cuando presenta un canal RSS o Atom malicioso, en /inc/parser/xhtml.php. Un atacante puede crear o editar una wiki que empl... • https://github.com/splitbrain/dokuwiki/issues/2081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1

CVE-2017-12583

https://notcve.org/view.php?id=CVE-2017-12583

06 Aug 2017 — DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. La versión 2017-02-19b de DokuWiki tiene una vulnerabilidad de tipo XSS en el parámetro at (o variable DATE_AT) al doku.php. • https://github.com/splitbrain/dokuwiki/issues/2061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7964

https://notcve.org/view.php?id=CVE-2016-7964

31 Oct 2016 — The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16. El método sendRequest en HTTPClient Class en el archivo /inc/HTTPClient.php en DokuWiki 2016-06-26a y versiones más antiguas, cuando se habilita la búsqueda por archivo multimedia, no tiene manera de ... • http://www.securityfocus.com/bid/94245 • CWE-918: Server-Side Request Forgery (SSRF) •