Arch Linux Security Advisory ASA-201412-19 ========================================= Severity: Medium Date : 2014-12-16 CVE-ID : CVE-2014-9253 Package : dokuwiki Type : cross-site scripting Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ====== The package dokuwiki before version 20140929_b-1 is vulnerable to cross-site scripting. Resolution ========= Upgrade to 20140929_b-1. # pacman -Syu "dokuwiki>=20140929_b-1" The problem has been fixed upstream in version 20140929_b. Workaround ========= None. Description ========== It was discovered that dokuwiki did not sufficiently filter uploaded files. A remote attacker with upload access is able to use this flaw in order to upload SWF files leading to possible cross-site scripting. Impact ===== A remote attacker with upload access is able to craft a SWF file to perform a cross-site scripting attack. References ========= https://access.redhat.com/security/cve/CVE-2014-9253 https://seclists.org/oss-sec/2014/q4/1050 https://www.dokuwiki.org/changes#release_2014-09-29b_hrun https://github.com/splitbrain/dokuwiki/commit/778ddf
ArchLinux: 201412-19: dokuwiki: cross-site scripting
December 16, 2014
Summary
It was discovered that dokuwiki did not sufficiently filter uploaded files. A remote attacker with upload access is able to use this flaw in order to upload SWF files leading to possible cross-site scripting.
Resolution
Upgrade to 20140929_b-1.
# pacman -Syu "dokuwiki>=20140929_b-1"
The problem has been fixed upstream in version 20140929_b.
References
https://access.redhat.com/security/cve/CVE-2014-9253 https://seclists.org/oss-sec/2014/q4/1050 https://www.dokuwiki.org/changes#release_2014-09-29b_hrun https://github.com/splitbrain/dokuwiki/commit/778ddf
Severity
Package : dokuwiki
Type : cross-site scripting
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Workaround
None.
News
HOWTOs
About Us
Powered By
