Vulnerabilities > Dokuwiki

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-05	CVE-2023-34408	Cross-site Scripting vulnerability in Dokuwiki DokuWiki before 2023-04-04a allows XSS via RSS titles. network low complexity dokuwiki CWE-79	5.4
2022-09-05	CVE-2022-3123	Cross-site Scripting vulnerability in multiple products Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. network low complexity dokuwiki fedoraproject CWE-79	6.1
2022-05-12	CVE-2022-28919	Cross-site Scripting vulnerability in multiple products HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. network low complexity dokuwiki fedoraproject CWE-79	6.1
2018-09-07	CVE-2018-15474	Improper Neutralization of Formula Elements in a CSV File vulnerability in Dokuwiki CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. network low complexity dokuwiki CWE-1236 critical	9.6
2018-02-03	CVE-2017-18123	Improper Input Validation vulnerability in multiple products The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. local low complexity dokuwiki debian CWE-20	8.6
2017-08-21	CVE-2017-12980	Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. network low complexity dokuwiki CWE-79	6.1
2017-08-21	CVE-2017-12979	Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. network low complexity dokuwiki CWE-79	6.1
2017-08-06	CVE-2017-12583	Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. network low complexity dokuwiki CWE-79	6.1
2016-10-31	CVE-2016-7965	Improper Input Validation vulnerability in Dokuwiki DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. network low complexity dokuwiki CWE-20	6.5
2016-10-31	CVE-2016-7964	Server-Side Request Forgery (SSRF) vulnerability in Dokuwiki 20160626A The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. network low complexity dokuwiki CWE-918	8.6

Vulnerabilities > Dokuwiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dokuwiki"}]}

Vulnerabilities > Dokuwiki