Back

CVE-2024-42758

Aug. 16, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Dokuwiki

  • v2024-01-05

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-16
CVE-2024-42758

CVE-2024-42758 details

Published : Aug. 16, 2024, 6:15 p.m.
Last Modified : Aug. 16, 2024, 6:15 p.m.

Description

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/1s1ldur/CVE-2024-42758/blob/main/README.md cve@mitre.org
https://github.com/dokuwiki/dokuwiki cve@mitre.org
https://github.com/samuelet/indexmenu cve@mitre.org
https://github.com/samuelet/indexmenu/issues/317 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.