CVE-2017-12980

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12980

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12980.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12980

Related

UBUNTU-CVE-2017-12980

Published

2017-08-21T07:29:00Z

Modified

2025-04-20T03:39:59.106306Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.

References

Affected packages

Debian:11 / dokuwiki

Package

Name: dokuwiki
Purl: pkg:deb/debian/dokuwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180422.a-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dokuwiki

Package

Name: dokuwiki
Purl: pkg:deb/debian/dokuwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180422.a-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dokuwiki

Package

Name: dokuwiki
Purl: pkg:deb/debian/dokuwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.20180422.a-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/splitbrain/dokuwiki

Affected ranges

Type: GIT
Repo: https://github.com/splitbrain/dokuwiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a5690a8c536c2fc9bdb8871714c9978ea2c19c98

Affected versions

Other

release-2005-07-01

release-2005-07-13

release-2005-09-19

release-2005-09-22

release-2006-03-05

release-2006-03-09

release-2006-09-28rc

release-2006-10-08rc

release-2006-10-19rc

release-2006-11-06

release-2007-05-24rc

release-2007-06-26

release-2008-03-31rc

release-2008-04-11rc

release-2008-05-04

release-2008-05-05

release-2009-01-26rc

release-2009-01-30rc

release-2009-02-06rc

release-2009-02-14

release-2009-12-02rc

release-2009-12-25

release-2010-10-07rc

release-2010-10-27rc

release-2010-11-07

release-2010-11-07a

release-2010-11-07b

release-2011-11-10rc

release-2011_05_25

release-2011_05_25a

release-2012-01-25

release-2012-01-25b

release-2012-10-13

release-2012_09_10rc

release-2013-05-10

release-2013-05-10a

release-2013-10-28rc

release-2013-11-18rc

release-2013-12-08

release-2013-12-08a

release-2013_03_06rc

release-2014-05-05

release-2014-05-05a

release-2014-05-05b

release-2014-09-29

release-2014-09-29a

release-2014_05_05c

release-2014_05_05d

release-2014_05_05e

release-2014_09_29b

release-2014_09_29c

release-2014_09_29d

release-2015-08-10

release-2015-08-10a

release-2016-06-26

release-2016-06-26a

release-2016-06-26b

release-2016-06-26c

release-2016-06-26d

release-2016-06-26e

release-2017-02-19

release-2017-02-19a

release-2017-02-19b

release-2017-02-19c

release-2017-02-19d

release-2017-02-19e

release-2017-02-19f

release-2017-02-19g