CVE-2011-2510 — Cross-site Scripting in Dokuwiki

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 24.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki

Timeline

PublishedJul 14

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20110525a-1 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20110525a-1+3

▶NVDdokuwiki/dokuwiki2010-11-07a+11

Patches

Patch: bugs.debian.org ↗Patch: www.freelists.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-2xxx-mh72-rq2w: Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbit↗2022-05-17

▶

OSV

CVE-2011-2510: Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbit↗2011-07-14

▶

📋Vendor Advisories

Debian

CVE-2011-2510: dokuwiki - Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWik...↗2011

▶

💬Community

Bugzilla

CVE-2011-2510 dokuwiki: XSS in DokuWiki's RSS embedding mechanism↗2011-06-28

▶

Bugzilla

CVE-2011-2510 dokuwiki: XSS in DokuWiki's RSS embedding mechanism [epel-all]↗2011-06-28

▶

Bugzilla

CVE-2011-2510 dokuwiki: XSS in DokuWiki's RSS embedding mechanism [fedora-all]↗2011-06-28

▶