Andreas Gohr : Security Vulnerabilities, CVEs, Published In 2012 (XSS)
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
Max CVSS
4.3
EPSS Score
0.34%
Published
2012-08-27
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."
Max CVSS
6.8
EPSS Score
0.21%
Published
2012-08-27
Updated
2024-04-11
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
Max CVSS
4.3
EPSS Score
0.28%
Published
2012-07-13
Updated
2013-08-22
3 vulnerabilities found