| Bug | Description |
|---|
| TEMP-0780817-7C5137 | Insufficient escaping in user manager allows XSS attack |
| TEMP-0434134-B27890 | dokuwiki XSS in spellchecker |
| TEMP-0410557-009D67 | dokuwiki conf directory accessible by web users |
| TEMP-0000000-52FF39 | dokuwiki ACL bypass |
| CVE-2022-3123 | Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ... |
| CVE-2017-18123 | The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19 ... |
| CVE-2017-12980 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ... |
| CVE-2017-12979 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ... |
| CVE-2017-12583 | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE ... |
| CVE-2015-2172 | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly c ... |
| CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the ... |
| CVE-2014-8764 | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ... |
| CVE-2014-8763 | DokuWiki before 2014-05-05b, when using Active Directory for LDAP auth ... |
| CVE-2014-8762 | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remo ... |
| CVE-2014-8761 | inc/template.php in DokuWiki before 2014-05-05a only checks for access ... |
| CVE-2012-3354 | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ... |
| CVE-2012-2129 | Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012- ... |
| CVE-2012-2128 | Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWik ... |
| CVE-2012-0283 | Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList func ... |
| CVE-2011-2510 | Cross-site scripting (XSS) vulnerability in the RSS embedding feature ... |
| CVE-2010-0289 | Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ... |
| CVE-2010-0288 | A typo in the administrator permission check in the ACL Manager plugin ... |
| CVE-2010-0287 | Directory traversal vulnerability in the ACL Manager plugin (plugins/a ... |
| CVE-2009-1960 | inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, w ... |
| CVE-2008-5186 | The set_language_path function in geshi.php in Generic Syntax Highligh ... |
| CVE-2006-6965 | CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03- ... |
| CVE-2006-5099 | lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert ... |
| CVE-2006-5098 | lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attack ... |
| CVE-2006-4679 | DokuWiki before 2006-03-09c enables the debug feature by default, whic ... |
| CVE-2006-4675 | Unrestricted file upload vulnerability in lib/exe/media.php in DokuWik ... |
| CVE-2006-4674 | Direct static code injection vulnerability in doku.php in DokuWiki bef ... |
| CVE-2006-2945 | Unspecified vulnerability in the user profile change functionality in ... |
| CVE-2006-2878 | The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier a ... |
| CVE-2006-1165 | Cross-site scripting (XSS) vulnerability in the mediamanager module in ... |
| CVE-2004-2560 | DokuWiki before 2004-10-19, when used on a web server that permits exe ... |
| CVE-2004-2559 | DokuWiki before 2004-10-19 allows remote attackers to access administr ... |