Andreas Gohr : Security Vulnerabilities, CVEs, Published In 2012 (XSS)

CVE-2012-2129

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
Max CVSS
4.3
EPSS Score
0.34%
Published
2012-08-27
Updated
2017-08-29

CVE-2012-2128

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."
Max CVSS
6.8
EPSS Score
0.21%
Published
2012-08-27
Updated
2024-04-11

CVE-2012-0283

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
Max CVSS
4.3
EPSS Score
0.28%
Published
2012-07-13
Updated
2013-08-22
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close