Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2510

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-2510
Last Modified 21 Aug 2013 11:43:54
Published 14 Jul 2011 07:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2510

Summary

Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.

Vulnerable Systems

Application

  • Dokuwiki 2005-07-01

  • Dokuwiki 2005-07-13

  • Dokuwiki 2005-09-19

  • Dokuwiki 2005-09-22

  • Dokuwiki 2006-03-05

  • Dokuwiki 2006-03-09

  • Dokuwiki 2006-11-06

  • Dokuwiki 2007-06-26

  • Dokuwiki 2008-05-05

  • Dokuwiki 2009-02-14b

  • Dokuwiki 2009-12-25c

  • Dokuwiki 2010-11-07a


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=717146

MLIST - [oss-security] 20110629 Re: CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism

MLIST - [oss-security] 20110628 CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism

MLIST - [dokuwiki] 20110614 Hotfix Release

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818

XF - dokuwiki-rss-xss(68122)

BID - 48364

MISC - http://www.dokuwiki.org/changes

DEBIAN - DSA-2320

MISC - http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html

SECUNIA - 45190

SECUNIA - 45009

FEDORA - FEDORA-2011-8816

FEDORA - FEDORA-2011-8831

MLIST - [dokuwiki] 20110614 Hotfix Release "2011-05-25a Rincewind"

GENTOO - GLSA-201301-07


Last Updated: 27 May 2016 10:53:52