CVE-2025-61224
Published 2025-10-06
CVE-2025-61224: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter
Priority P3 · 43 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 1.29% (66.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dokuwiki | < dokuwiki 2025-05-14.b+dfsg-1 (forky) | dokuwiki 2025-05-14.b+dfsg-1 (forky) |
| dokuwiki | dokuwiki | >= 0 < 2025-05-14.b+dfsg-1 | 2025-05-14.b+dfsg-1 |
CVSS provenance
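| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |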
GHSA
GHSA-pp4p-g4w7-gvp7: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56
ghsa_unreviewed·2025-10-06
CVE-2025-61224 [MEDIUM] CWE-79 GHSA-pp4p-g4w7-gvp7: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter
OSV
CVE-2025-61224: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56
osv·2025-10-06·CVSS 6.5
CVE-2025-61224 [MEDIUM] CVE-2025-61224: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter
Debian
CVE-2025-61224: dokuwiki - Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] all...
vendor_debian·2025·CVSS 6.5
CVE-2025-61224 [MEDIUM] CVE-2025-61224: dokuwiki - Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] all...
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2025-05-14.b+dfsg-1)
sid: resolved (fixed in 2025-05-14.b+dfsg-1)
trixie: open
No detection rules found.
Nuclei
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting
nuclei·CVSS 6.5
CVE-2025-61224 [MEDIUM] DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting
DokuWiki @<svg/onload=alert'
```yaml
          - 'content="DokuWiki'
        condition: and
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
# digest: 4b0a00483046022100bcc36f38be969d88cd9ef5e092d381cdb9ba2de6d2eceb88b40d12737359abaf022100ce4e3865b3e78bda4a4dd000c031b3a44498fd71f9b4eac4bb8db9a3c38431b6:922c64590222798bb761d5b6d8e72950
```
2025-10-06: Published