Mageia alert MGASA-2012-0207 (dokuwiki)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0207: dokuwiki-20120125-1.mga2 (2/core)
Date:  Sun, 12 Aug 2012 20:07:43 +0200
Message-ID:  <20120812180743.GA17961@valstar.mageia.org>

MGASA-2012-0207

Date: August 12th, 2012
Affected releases: 2

Description:
Updated dokuwiki package fixes security vulnerabilities:

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php (SA49196, CVE-2012-0283).

Cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws were found in the way DokuWiki, a standards-compliant, simple-to-use wiki, performed sanitization of the 'target' parameter when preprocessing edit form data. A remote attacker could provide a specially crafted URL which, once visited by a valid DokuWiki user, would lead to arbitrary HTML or web script execution in the context of the logged-in DokuWiki user (SA48848, CVE-2012-2128, CVE-2012-2129).

Updated Packages:
dokuwiki-20120125-1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2129
https://secunia.com/advisories/48848/
http://www.securelist.com/en/advisories/49196
https://www.dokuwiki.org/changes
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6166
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

