CVE-2012-0283

Name of the Vulnerable Software and Affected Versions DokuWiki versions prior to 2012-01-25b

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the ns parameter in a medialist action to "lib/exe/ajax.php".

Recommendations For versions prior to 2012-01-25b, update to a version released after 2012-01-25b to resolve the issue. As a temporary workaround, consider restricting access to the "lib/exe/ajax.php" endpoint or disabling the tpl mediaFileList function in "inc/template.php" until a patch is available. Avoid using the ns parameter in the affected API endpoint until the issue is resolved.