Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2129

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2129
Last Modified 02 Sep 2013 02:23:59
Published 27 Aug 2012 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2129

Summary

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

Vulnerable Systems

Application

  • Andreas Gohr Dokuwiki 2012-01-25


References

CONFIRM - https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=815122

MISC - https://bugs.gentoo.org/show_bug.cgi?id=412891

XF - dokuwiki-doku-xss(74907)

BID - 53041

MLIST - [oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

MLIST - [oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

SECUNIA - 48848

BUGTRAQ - 20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit

MISC - http://ircrash.com/uploads/dokuwiki.txt

CONFIRM - http://bugs.dokuwiki.org/index.php?do=details&task_id=2487


Last Updated: 27 May 2016 11:00:18