CVE-2024-33103 — Cross-site Scripting in Dokuwiki

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 72.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Dokuwiki

Timeline

PublishedApr 30

Description

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶debiandebian/dokuwiki

🔴Vulnerability Details

GHSA

GHSA-57hj-hrjv-grpg: An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code via uploading↗2024-04-30

▶

OSV

CVE-2024-33103: ** DISPUTED ** An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary cod↗2024-04-30

▶

OSV

CVE-2024-33103: An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading↗2024-04-30

▶

📋Vendor Advisories

Debian

CVE-2024-33103: dokuwiki - An arbitrary file upload vulnerability in the Media Manager component of DokuWik...↗2024

▶