Vulmon
dokuwiki dokuwiki vulnerabilities and exploits
9.6
CVSSv3
CVE-2018-15474
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and previous versions allows remote malicious users to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV expo...
Dokuwiki Dokuwiki
8.8
CVSSv3
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
8.6
CVSSv3
CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote malicious users to run arbitrary programs.
Dokuwiki Dokuwiki
Debian Debian Linux 7.0
8.6
CVSSv3
CVE-2016-7964
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172...
Dokuwiki Dokuwiki 2016-06-26a
6.5
CVSSv3
CVE-2016-7965
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be t...
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki before 2022-07-31a.
Dokuwiki Dokuwiki
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.1
CVSSv3
CVE-2022-28919
HTMLCreator release_stable_2020-07-29 contains a cross-site scripting (XSS) vulnerability via the function _generateFilename.
Dokuwiki Dokuwiki 2020-07-29
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.1
CVSSv3
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an auth...
Dokuwiki Dokuwiki
6.1
CVSSv3
CVE-2017-12583
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
Dokuwiki Dokuwiki