Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dokuwiki dokuwiki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows malicious users to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with ...
5.4
CVSSv3
CVE-2023-34408
DokuWiki prior to 2023-04-04a allows XSS via RSS titles.
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki before 2022-07-31a.
Dokuwiki Dokuwiki
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.1
CVSSv3
CVE-2022-28919
HTMLCreator release_stable_2020-07-29 exists to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
Dokuwiki Dokuwiki 2020-07-29
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
9.6
CVSSv3
CVE-2018-15474
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and previous versions allows remote malicious users to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV expo...
Dokuwiki Dokuwiki
8.6
CVSSv3
CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote malicious users to run arbitrary programs.
Dokuwiki Dokuwiki
Debian Debian Linux 7.0
5.4
CVSSv3
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/d...
Flyspray Flyspray 1.0
6.1
CVSSv3
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an auth...
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
Dokuwiki Dokuwiki
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »