Advisories » MGASA-2015-0118

Updated dokuwiki package fixes security vulnerability

Publication date: 27 Mar 2015
Modification date: 27 Mar 2015
Type: security
Affected Mageia releases : 4

Description

DokuWiki before 20140929d is vulnerable to a cross-site scripting (XSS)
issue in the user manager. The user's details were not properly escaped in
the user manager's edit form. This allows a registered user to edit her
own name (using the change profile option) to include malicious JavaScript
code. The code is executed when a super user tries to edit the user via
the user manager
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15539
• https://github.com/splitbrain/dokuwiki/issues/1081
• https://www.dokuwiki.org/changes#release_2014-09-29d_hrun

SRPMS

4/core

• dokuwiki-20140929-1.4.mga4