[dokuwiki] Another XSS Vulnerability

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 21 Oct 2005 13:54:19 +0200

Hello!

Another Cross-Site Scripting (XSS) problem was discovered in DokuWiki by
David Coallier. Search queries are not escaped correctly, which allows an
attacker to construct links to the search containing malicious
JavaScript. This could be used to steal user cookies.

Because DokuWiki's user cookies are encrypted, the risk is relatively low,
but I recommend fixing these problems as soon as possible in your
installation.

The downloadable archive of release 2005-09-22 available at
http://www.splitbrain.org/go/dokuwiki was updated to incorporate the
needed fixes. Alternatively, you can follow the instructions at
http://bugs.splitbrain.org/?do=details&id=604 to fix the problems
yourself.

Regards
Andi
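
Added example, not part of the original message and not DokuWiki's code: a minimal PHP sketch of the class of bug described above (a search query echoed into the results page without escaping) beside a context-aware fix. The function names, the `q` parameter and the sample queries are assumptions constructed for illustration.

```php
<?php
// Illustration only; function names and the "q" parameter are hypothetical.

// Before: the raw query is concatenated into markup, so tags and quotes
// in the query become part of the page the victim's browser renders.
function render_search_unsafe(string $query): string
{
    return '<h1>Search results for "' . $query . '"</h1>'
         . '<a href="?q=' . $query . '">Repeat search</a>';
}

// After: encode for each output context separately.
function render_search_safe(string $query): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // HTML text context: neutralise <, >, &, " and '.
    $text = htmlspecialchars($query, $flags, 'UTF-8');
    // URL component first, then HTML attribute context for the whole href.
    $href = htmlspecialchars('?q=' . rawurlencode($query), $flags, 'UTF-8');

    return '<h1>Search results for &quot;' . $text . '&quot;</h1>'
         . '<a href="' . $href . '">Repeat search</a>';
}

// Constructed sample queries: one benign, one with markup, one that tries
// to break out of a quoted attribute.
$samples = [
    'wiki syntax',
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
];

foreach ($samples as $q) {
    $out = render_search_safe($q);
    $hasSpecials = htmlspecialchars($q, ENT_QUOTES, 'UTF-8') !== $q;
    // If the query contained HTML-significant characters, it must not
    // survive verbatim anywhere in the rendered output.
    if ($hasSpecials && strpos($out, $q) !== false) {
        throw new RuntimeException('query reached the page unescaped');
    }
    echo $out, PHP_EOL;
}
```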
