4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.2%
Secunia Research reports:
Secunia Research has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the “ns” POST parameter in lib/exe/ajax.php (when “call”
is set to “medialist” and “do” is set to “media”) is not properly
sanitised within the “tpl_mediaFileList()” function in inc/template.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user’s browser session in context
of an affected site.