CVE-2024-42758

Name of the Vulnerable Software and Affected Versions indexmenu plugin version v2024-01-05

Description A Cross-site Scripting (XSS) issue exists in the indexmenu plugin for Dokuwiki. This allows a malicious attacker to input XSS payloads, for example, when creating or editing a page. The XSS is then stored in a .txt file due to Dokuwiki's design, presenting a stored XSS risk.

Recommendations For indexmenu plugin version v2024-01-05, consider disabling the plugin until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the plugin's functionality to minimize the risk of stored XSS attacks. Avoid using the plugin for creating or editing pages until the issue is resolved.