Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-12583Cross-site Scripting in Dokuwiki

CWE-79Cross-site Scripting9 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
1.3%
top 20.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
DokuwikiDebian Dokuwiki
Timeline
PublishedAug 6
Latest updateMay 17

Description

DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/dokuwiki< dokuwiki 0.0.20180422.a-1 (bookworm)
Debiandokuwiki/dokuwiki< 0.0.20180422.a-1+3
NVDdokuwiki/dokuwiki2017-02-19b

🔴Vulnerability Details

2
GHSA
GHSA-j3wq-v5r5-94w2: DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku2022-05-17
OSV
CVE-2017-12583: DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku2017-08-06

💥Exploits & PoCs

1
Nuclei
DokuWiki - Cross-Site Scripting

📋Vendor Advisories

1
Debian
CVE-2017-12583: dokuwiki - DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variab...2017

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter October 2025

💬Community

3
Bugzilla
CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws2016-10-31
Bugzilla
CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws [epel-all]2016-10-31
Bugzilla
CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws [fedora-all]2016-10-31