Approved changes feed: RSS · Atom

cpe:2.3:a:andreas_gohr:dokuwiki:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAndreas Gohr (a4658386-3843-5995-b060-5bea819353f1)
ProductDokuwiki (9c540088-be0d-55e8-acc6-feb8e635a857)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/dokuwiki purl2cpe 2026-06-01 10:15:23.900560
pkg:deb/ubuntu/dokuwiki purl2cpe 2026-06-01 10:15:23.900562
pkg:github/splitbrain/dokuwiki purl2cpe 2026-06-01 10:15:23.900563
pkg:rpm/fedora/dokuwiki purl2cpe 2026-06-01 10:15:23.900565
pkg:rpm/opensuse/dokuwiki purl2cpe 2026-06-01 10:15:23.900566

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-42758 vulnerable 2026-06-08 06:45:46.941344 Details available
A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS.
Published: 2024-08-16T00:00:00.000Z
Updated: 2024-08-19T17:34:38.788Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-0283 vulnerable 2026-06-08 05:00:40.513588 Details available
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
Published: 2012-07-13T21:00:00.000Z
Updated: 2024-08-06T18:23:29.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-4679 vulnerable 2026-06-08 04:49:18.531101 Details available
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
Published: 2006-09-11T17:00:00.000Z
Updated: 2024-08-07T19:23:41.086Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-4675 vulnerable 2026-06-08 04:49:18.522806 Details available
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
Published: 2006-09-11T17:00:00.000Z
Updated: 2024-08-07T19:23:41.090Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-4674 vulnerable 2026-06-08 04:49:18.509034 Details available
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
Published: 2006-09-11T17:00:00.000Z
Updated: 2024-08-07T19:23:40.296Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-2945 vulnerable 2026-06-08 04:49:07.941269 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2006-2878 vulnerable 2026-06-08 04:49:07.760103 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.