Summary
This host has Dokuwiki installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation allows attackers to conduct cross-site request forgery attacks via unknown vectors.
Impact Level: Application.
Solution
Update to version 2009-12-25c or later.
For updates refer to http://www.splitbrain.org/go/dokuwiki
Insight
The flaws are due to an error in the ACL Manager plugin (plugins/acl/ajax.php), which allows users to perform certain actions via HTTP requests without any validity checks being performed.
Affected
Dokuwiki versions prior to 2009-12-25c
Severity
Classification
- CVE: CVE-2010-0289
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P