CVE-2011-2510
- EPSS 0.86%
- Published 14.07.2011 23:55:05
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.
CVE-2010-0289
- EPSS 0.4%
- Published 15.02.2010 18:30:00
- Last modified 11.04.2025 00:51:21
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control r...
CVE-2010-0288
- EPSS 15.61%
- Published 15.02.2010 18:30:00
- Last modified 11.04.2025 00:51:21
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the ...
- EPSS 8.49%
- Published 15.02.2010 18:30:00
- Last modified 11.04.2025 00:51:21
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
CVE-2009-1960
- EPSS 30.7%
- Published 08.06.2009 01:00:00
- Last modified 09.04.2025 00:30:58
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remo...