CVE-2012-2129

Published: Aug 27, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

mailing-list

x_refsource_MLIST

53041

vdb-entry

x_refsource_BID

https://bugs.gentoo.org/show_bug.cgi?id=412891

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=815122

x_refsource_MISC

20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit

mailing-list

x_refsource_BUGTRAQ

https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26

x_refsource_CONFIRM

dokuwiki-doku-xss(74907)

vdb-entry

x_refsource_XF

[oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

mailing-list

x_refsource_MLIST

http://ircrash.com/uploads/dokuwiki.txt

x_refsource_MISC

48848

third-party-advisory

x_refsource_SECUNIA

http://bugs.dokuwiki.org/index.php?do=details&task_id=2487

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-2129

Description

Affected Products

References