Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28919 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. | |||||
| CVE-2018-15474 | 1 Dokuwiki | 1 Dokuwiki | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki. | |||||
| CVE-2017-18123 | 2 Debian, Dokuwiki | 2 Debian Linux, Dokuwiki | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
| The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | |||||