CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
61.8%
Updated dokuwiki package fix a security vulnerability: Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf (application/x-shockwave-flash) uploads by default. This may be used for Cross-site scripting (XSS) attack which enables attackers to inject client-side script into Web pages viewed by other users. (CVE-2014-9253). This update uses dokuwiki-2014-09-29b hotfix source which disables swf uploads by default and fixes the issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | dokuwiki | < 20140929-1.2 | dokuwiki-20140929-1.2.mga4 |