4.3

CVE-2012-0283

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

Data is provided by the National Vulnerability Database (NVD)
Andreas GohrDokuwiki Version <= 2012-01-25a
Andreas GohrDokuwiki Version2005-07-01
Andreas GohrDokuwiki Version2005-09-19
Andreas GohrDokuwiki Version2005-09-22
Andreas GohrDokuwiki Version2006-03-05
Andreas GohrDokuwiki Version2006-03-09
Andreas GohrDokuwiki Version2006-11-06
Andreas GohrDokuwiki Version2007-06-26
Andreas GohrDokuwiki Version2007-07-13
Andreas GohrDokuwiki Version2008-05-05
Andreas GohrDokuwiki Version2009-02-14b
Andreas GohrDokuwiki Version2009-12-25c
Andreas GohrDokuwiki Version2010-11-07a
Andreas GohrDokuwiki Version2011-05-25
Andreas GohrDokuwiki Version2011-05-25a
Andreas GohrDokuwiki Version2011-05-25c
Andreas GohrDokuwiki Version2012-01-25
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.639
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.