Information on source package dokuwiki

Available versions

| Release | Version |
|---|---|
| wheezy (security) | 0.0.20120125b-2+deb7u1 |
| jessie | 0.0.20140505.a+dfsg-4 |
| buster | 0.0.20160626.a-2 |
| sid | 0.0.20160626.a-2 |

Open issues

| Bug | wheezy | jessie | buster | sid | Description |
|---|---|---|---|---|---|
| TEMP-0780817-7C5137 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Insufficient escaping in user manager allows XSS attack |
| CVE-2017-12980 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ... |
| CVE-2017-12979 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ... |
| CVE-2017-12583 | fixed | fixed | vulnerable | vulnerable | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the ... |
| CVE-2016-7965 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ... |
| CVE-2016-7964 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ... |
| CVE-2014-9253 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The default file type whitelist configuration in conf/mime.conf in the ... |

Open unimportant issues

| Bug | wheezy | jessie | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2012-3354 | vulnerable | fixed | fixed | fixed | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0434134-B27890 | dokuwiki XSS in spellchecker |
| TEMP-0410557-009D67 | dokuwiki conf directory accessible by web users |
| TEMP-0000000-52FF39 | dokuwiki ACL bypass |
| CVE-2015-2172 | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly ... |
| CVE-2014-8764 | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ... |
| CVE-2014-8763 | DokuWiki before 2014-05-05b, when using Active Directory for LDAP ... |
| CVE-2014-8762 | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows ... |
| CVE-2014-8761 | inc/template.php in DokuWiki before 2014-05-05a only checks for access ... |
| CVE-2012-2129 | Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki ... |
| CVE-2012-2128 | ** DISPUTED ** ... |
| CVE-2012-0283 | Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList ... |
| CVE-2011-2510 | Cross-site scripting (XSS) vulnerability in the RSS embedding feature ... |
| CVE-2010-0289 | Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ... |
| CVE-2010-0288 | A typo in the administrator permission check in the ACL Manager plugin ... |
| CVE-2010-0287 | Directory traversal vulnerability in the ACL Manager plugin ... |
| CVE-2009-1960 | inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ... |
| CVE-2008-5186 | ** DISPUTED ** ... |
| CVE-2006-6965 | CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ... |
| CVE-2006-5099 | lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ... |
| CVE-2006-5098 | lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ... |
| CVE-2006-4679 | DokuWiki before 2006-03-09c enables the debug feature by default, ... |
| CVE-2006-4675 | Unrestricted file upload vulnerability in lib/exe/media.php in ... |
| CVE-2006-4674 | Direct static code injection vulnerability in doku.php in DokuWiki ... |
| CVE-2006-2945 | Unspecified vulnerability in the user profile change functionality in ... |
| CVE-2006-2878 | The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ... |
| CVE-2006-1165 | Cross-site scripting (XSS) vulnerability in the mediamanager module in ... |
| CVE-2004-2560 | DokuWiki before 2004-10-19, when used on a web server that permits ... |
| CVE-2004-2559 | DokuWiki before 2004-10-19 allows remote attackers to access ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3059-1 | dokuwiki - security update |
| DLA-79-1 | dokuwiki - security update |
| DSA-1976-1 | dokuwiki - several vulnerabilities |
