Known Vulnerabilities for products from Dokuwiki
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Dokuwiki".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-26477 json | An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upl... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2023-34408 json | DokuWiki before 2023-04-04a allows XSS via RSS titles. | 5.4 - MEDIUM | 2023-06-05 | 2023-06-09 |
| CVE-2022-28919 json | HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _... | 6.1 - MEDIUM | 2022-05-12 | 2023-11-07 |
| CVE-2022-3123 json | Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | 6.1 - MEDIUM | 2022-09-05 | 2023-11-07 |
| CVE-2018-15474 json | ** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWi... | 9.6 - CRITICAL | 2018-09-07 | 2023-11-07 |
| CVE-2017-18123 json | The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a... | 8.6 - HIGH | 2018-02-03 | 2018-07-07 |
| CVE-2017-12980 json | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacke... | 6.1 - MEDIUM | 2017-08-21 | 2017-08-25 |
| CVE-2017-12979 json | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.... | 6.1 - MEDIUM | 2017-08-21 | 2017-08-25 |
| CVE-2017-12583 json | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | 6.1 - MEDIUM | 2017-08-06 | 2017-08-15 |
| CVE-2016-7965 json | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. Thi... | 6.5 - MEDIUM | 2016-10-31 | 2016-11-28 |
| CVE-2016-7964 json | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fet... | 8.6 - HIGH | 2016-10-31 | 2016-12-02 |
| CVE-2015-2172 json | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remo... | 6.5 - MEDIUM | 2015-03-30 | 2019-02-05 |
| CVE-2014-9253 json | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows re... | 4.3 - MEDIUM | 2014-12-17 | 2017-09-08 |
| CVE-2014-8764 json | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass auth... | 5 - MEDIUM | 2014-10-22 | 2016-07-15 |
| CVE-2014-8763 json | DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentic... | 5 - MEDIUM | 2014-10-22 | 2016-07-15 |
| CVE-2014-8762 json | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted n... | 5 - MEDIUM | 2014-10-22 | 2016-04-04 |
| CVE-2014-8761 json | inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers t... | 5 - MEDIUM | 2014-10-22 | 2015-09-10 |
| CVE-2012-3354 json | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obt... | 4.3 - MEDIUM | 2012-11-20 | 2013-12-13 |
| CVE-2011-3727 json | DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which revea... | 5 - MEDIUM | 2011-09-23 | 2013-12-13 |
| CVE-2011-2510 json | Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote ... | 4.3 - MEDIUM | 2011-07-14 | 2017-08-29 |
Known software with vulnerabilities from Dokuwiki
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dokuwiki | Dokuwiki | 2004-07-04 |