Summary
This host is running DokuWiki and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to DokuWiki version 2012-01-25a or later
For updates refer to http://www.splitbrain.org/projects/dokuwiki
Insight
The input passed via 'target' parameter to 'doku.php' script (when 'do' is set to 'edit') is not properly validated, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
DokuWiki version 2012-01-25 and prior
References
- http://ircrash.com/uploads/dokuwiki.txt
- http://packetstormsecurity.org/files/111939/DocuWiki-2012-01-25-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://secunia.com/advisories/48848
- http://www.osvdb.org/81355
- https://bugs.dokuwiki.org/index.php?do=details&task_id=2487
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-2129 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities