DokuWiki Mediamanager Cross-Site Scripting Vulnerability
BID:17065
Info
| Bugtraq ID: | 17065 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1165 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2006 12:00AM |
| Updated: | Feb 20 2007 04:06PM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: | DokuWiki DokuWiki 2005.9.22; DokuWiki DokuWiki 2004-10-19; DokuWiki DokuWiki 2004-09-30; DokuWiki DokuWiki 2004-09-25; DokuWiki DokuWiki 2004-09-12; DokuWiki DokuWiki 2004-08-22; DokuWiki DokuWiki 2004-08-15a; DokuWiki DokuWiki 2004-08-15; DokuWiki DokuWiki 2004-08-08; DokuWiki DokuWiki 2004-07-25; DokuWiki DokuWiki 2004-07-21 |
| Not Vulnerable: | DokuWiki DokuWiki 2006.3.5 |
Discussion
DokuWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
This issue can be exploited through use of a web client.
Solution / Fix
Solution:
The vendor has released version 2006-03-05 to address this issue.
DokuWiki DokuWiki 2004-09-25
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-09-12
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-08-08
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-08-15a
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-07-25
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-08-15
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-10-19
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-09-30
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-07-21
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2004-08-22
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
DokuWiki DokuWiki 2005.9.22
- DokuWiki dokuwiki-2006-03-09.tgz: http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2006-03-09.tgz
References
References:
- Change Log (DokuWiki)
- Home Page (DokuWiki)