Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-9253
Last Modified: 02 Apr 2015 09:59:48
Published: 17 Dec 2014 01:59:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9253

Summary

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

Vulnerable Systems

Application

  • Dokuwiki 2014-05-05c


References

CONFIRM - https://www.dokuwiki.org/changes

CONFIRM - https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960

XF - dokuwiki-cve20149253-xss(99291)

SECTRACK - 1031369

BID - 71671

MISC - http://security.szurek.pl/dokuwiki-20140929a-xss.html

MLIST - [oss-security] 20141215 Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b

CONFIRM - http://advisories.mageia.org/MGASA-2014-0540.html


Last Updated: 27 May 2016 11:08:17