CVE-2012-0283

EUVD-2012-0319
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
andreas_gohrdokuwiki
𝑥
≤ 2012-01-25a
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bookworm
0.0.20220731.a-2
fixed
bullseye
0.0.20180422.a-2.1
fixed
sid
0.0.20220731.a-3
fixed
squeeze
not-affected
trixie
0.0.20220731.a-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
hardy
not-affected
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
ignored
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://bugs.dokuwiki.org/index.php?do=details&task_id=2561
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://secunia.com/secunia_research/2012-24/
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.securityfocus.com/bid/54439
http://bugs.dokuwiki.org/index.php?do=details&task_id=2561
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://secunia.com/secunia_research/2012-24/
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.securityfocus.com/bid/54439