Strix
26.1K

CVE-2012-0283

UnknownEPSS 1.35%

Last modified

CVE-2012-0283 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

Metrics

EPSS Probability
1.35%

68.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Andreas GohrDokuwiki<= 2012-01-25a
Andreas GohrDokuwiki2005-07-01
Andreas GohrDokuwiki2005-09-19
Andreas GohrDokuwiki2005-09-22
Andreas GohrDokuwiki2006-03-05
Andreas GohrDokuwiki2006-03-09
Andreas GohrDokuwiki2006-11-06
Andreas GohrDokuwiki2007-06-26
Andreas GohrDokuwiki2007-07-13
Andreas GohrDokuwiki2008-05-05
Andreas GohrDokuwiki2009-02-14b
Andreas GohrDokuwiki2009-12-25c
Andreas GohrDokuwiki2010-11-07a
Andreas GohrDokuwiki2011-05-25
Andreas GohrDokuwiki2011-05-25a
Andreas GohrDokuwiki2011-05-25c
Andreas GohrDokuwiki2012-01-25

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-0283?
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
How severe is CVE-2012-0283?
Severity scoring for CVE-2012-0283 is pending analysis. The EPSS model estimates a 1.35% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0283?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0283?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST