ByteOS Network

Source-PSIRT-CNA@flexerasoftware.com

Published At-13 Jul, 2012 | 21:55

Updated At-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

andreas_gohr>>dokuwiki>>Versions up to 2012-01-25a(inclusive)

cpe:2.3:a:andreas_gohr:dokuwiki:*:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2005-07-01

cpe:2.3:a:andreas_gohr:dokuwiki:2005-07-01:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2005-09-19

cpe:2.3:a:andreas_gohr:dokuwiki:2005-09-19:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2005-09-22

cpe:2.3:a:andreas_gohr:dokuwiki:2005-09-22:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2006-03-05

cpe:2.3:a:andreas_gohr:dokuwiki:2006-03-05:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2006-03-09

cpe:2.3:a:andreas_gohr:dokuwiki:2006-03-09:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2006-11-06

cpe:2.3:a:andreas_gohr:dokuwiki:2006-11-06:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2007-06-26

cpe:2.3:a:andreas_gohr:dokuwiki:2007-06-26:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2007-07-13

cpe:2.3:a:andreas_gohr:dokuwiki:2007-07-13:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2008-05-05

cpe:2.3:a:andreas_gohr:dokuwiki:2008-05-05:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2009-02-14b

cpe:2.3:a:andreas_gohr:dokuwiki:2009-02-14b:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2009-12-25c

cpe:2.3:a:andreas_gohr:dokuwiki:2009-12-25c:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2010-11-07a

cpe:2.3:a:andreas_gohr:dokuwiki:2010-11-07a:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2011-05-25

cpe:2.3:a:andreas_gohr:dokuwiki:2011-05-25:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2011-05-25a

cpe:2.3:a:andreas_gohr:dokuwiki:2011-05-25a:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2011-05-25c

cpe:2.3:a:andreas_gohr:dokuwiki:2011-05-25c:*:*:*:*:*:*:*

andreas_gohr>>dokuwiki>>2012-01-25

cpe:2.3:a:andreas_gohr:dokuwiki:2012-01-25:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.dokuwiki.org/index.php?do=details&task_id=2561	PSIRT-CNA@flexerasoftware.com	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html	PSIRT-CNA@flexerasoftware.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html	PSIRT-CNA@flexerasoftware.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html	PSIRT-CNA@flexerasoftware.com	N/A
http://secunia.com/secunia_research/2012-24/	PSIRT-CNA@flexerasoftware.com	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201301-07.xml	PSIRT-CNA@flexerasoftware.com	N/A
http://www.securityfocus.com/bid/54439	PSIRT-CNA@flexerasoftware.com	N/A
http://bugs.dokuwiki.org/index.php?do=details&task_id=2561	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/secunia_research/2012-24/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201301-07.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/54439	af854a3a-2127-422b-91ae-364da2661108	N/A