Dokuwiki
By the Year
In 2024 there have been 0 vulnerabilities in Dokuwiki . Last year Dokuwiki had 1 security vulnerability published. Right now, Dokuwiki is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.40 |
| 2022 | 2 | 6.10 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 9.60 |
It may take a day or so for new Dokuwiki vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dokuwiki Security Vulnerabilities
DokuWiki before 2023-04-04a
CVE-2023-34408
5.4 - Medium
- June 05, 2023
DokuWiki before 2023-04-04a allows XSS via RSS titles.
XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
CVE-2022-3123
6.1 - Medium
- September 05, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
XSS
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2022-28919
6.1 - Medium
- May 12, 2022
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
XSS
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value
CVE-2018-15474
9.6 - Critical
- September 07, 2018
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki.
CSV Injection
