Vulnerabilities > Dokuwiki > Dokuwiki > 2009.12.25c
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-05 | CVE-2023-34408 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki before 2023-04-04a allows XSS via RSS titles. | 5.4 |
2022-09-05 | CVE-2022-3123 | Cross-site Scripting vulnerability in multiple products Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | 6.1 |
2018-09-07 | CVE-2018-15474 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dokuwiki CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. | 9.6 |
2018-02-03 | CVE-2017-18123 | Improper Input Validation vulnerability in multiple products The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | 9.3 |
2017-08-21 | CVE-2017-12980 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. | 4.3 |
2017-08-21 | CVE-2017-12979 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. | 4.3 |
2017-08-06 | CVE-2017-12583 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | 4.3 |
2016-10-31 | CVE-2016-7965 | Improper Input Validation vulnerability in Dokuwiki DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. | 4.3 |
2014-12-17 | CVE-2014-9253 | Cross-Site Scripting vulnerability in multiple products The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. | 4.3 |
2014-10-22 | CVE-2014-8764 | Improper Authentication vulnerability in multiple products DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. | 5.0 |