CVE-2012-2129Cross-site Scripting in Dokuwiki

CWE-79Cross-site ScriptingCWE-352Cross-Site Request Forgery12 documents5 sources
Severity
6.8MEDIUMNVD
NVD4.3OSV4.3
EPSS
0.8%
top 25.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
DokuwikiDebian DokuwikiAndreas Gohr Dokuwiki
Timeline
PublishedAug 27
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

debiandebian/dokuwiki< dokuwiki 0.0.20120125a-1 (bookworm)
Debiandokuwiki/dokuwiki< 0.0.20120125a-1+3
Ubuntudokuwiki/dokuwiki< 0.0.20131208-1
NVDandreas_gohr/dokuwiki2012-01-25

🔴Vulnerability Details

5
GHSA
GHSA-2423-333r-g3m8: Cross-site scripting (XSS) vulnerability in doku2022-05-17
GHSA
GHSA-8246-cj8p-3gjh: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku2022-05-17
OSV
CVE-2012-2128: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku2012-08-27
OSV
CVE-2012-2129: Cross-site scripting (XSS) vulnerability in doku2012-08-27
OSV
CVE-2012-2128: Cross-site request forgery (CSRF) vulnerability in doku2012-08-27

📋Vendor Advisories

2
Debian
CVE-2012-2128: dokuwiki - Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-...2012
Debian
CVE-2012-2129: dokuwiki - Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angu...2012

💬Community

3
Bugzilla
CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data [fedora-all]2012-04-22
Bugzilla
CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data2012-04-22
Bugzilla
CVE-2012-2128 CVE-2012-2129 dokuwiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data [epel-all]2012-04-22