Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jun 2011 09:18:48 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>,
        Luciano Bello <>,
Subject: CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism

Hello Josh, Steve, vendors,

   it was found that DokuWiki's RSS embedding mechanism did not properly
escape user-provided links. An attacker could use this flaw to conduct
cross-site scripting (XSS) attacks, potentially leading to arbitrary
JavaScript code execution.


This issue has been addressed in upstream "2011-05-25 Rincewind"

This issue doesn't seem to have a CVE identifier yet. Could you allocate

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ