Advisories ยป MGASA-2015-0118

Updated dokuwiki package fixes security vulnerability

Publication date: 27 Mar 2015
Type: security
Affected Mageia releases : 4


DokuWiki before 20140929d is vulnerable to a cross-site scripting (XSS)
issue in the user manager. The user's details were not properly escaped in
the user manager's edit form. This allows a registered user to edit her
own name (using the change profile option) to include malicious JavaScript
code. The code is executed when a super user tries to edit the user via
the user manager