DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
References
Link | Resource |
---|---|
https://github.com/splitbrain/dokuwiki/issues/2081 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-08-21T07:00:00
Updated: 2017-08-21T06:57:01
Reserved: 2017-08-21T00:00:00
Link: CVE-2017-12980
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-08-21T07:29:00.313
Modified: 2017-08-25T16:51:20.930
Link: CVE-2017-12980
JSON object: View
Redhat Information
No data.
CWE