<html> <head> <title>FS#2561 XSS in lib/exe/ajax.php</title> <link href="static/style.css" rel="stylesheet"/> <meta charset="utf-8"/> </head> <body> <div class="container"> <div class="warning"> This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the <a href="https://github.com/splitbrain/dokuwiki/issues">issue tracker at Github</a>. </div> <div class="resolution"> <strong>Closed</strong><br /> Fixed </div> <h1>FS#2561 XSS in lib/exe/ajax.php</h1> <h2>Security</h2> <ul class="tasks"> <li class="task"> <div class="taskhead"> <img src="http://www.gravatar.com/avatar/b6b4d7dbe3fb7cf61b68e36cd80f8698?d=monsterid&s=48" align="left"/> <p class="text"> <span class="date">2012-07-13</span> <span class="user">andi</span> </p> </div> <div class="tasktext"> Secunia Research has discovered a cross-site scripting vulnerability in DokuWiki and contact you to attempt a coordinated disclosure.<br /> <br /> Input passed to the &quot;ns&quot; POST parameter in lib/exe/ajax.php (when &quot;call&quot; is set to &quot;medialist&quot; and &quot;do&quot; is set to &quot;media&quot;) is not properly sanitised within the &quot;tpl_mediaFileList()&quot; function in inc/template.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user&#039;s browser session in context of an affected site.<br /> <br /> The vulnerability is confirmed in version 2012-01-25a. Other versions may also be affected.<br /> <br /> We have assigned this vulnerability Secunia advisory SA49196. </div> </li> <li class="task"> <div class="taskhead"> <img src="http://www.gravatar.com/avatar/9a38887baf481569db05e89d38bc5797?d=monsterid&s=48" align="left"/> <p class="text"> <span class="date">2012-07-13</span> <span class="user">adrianlang</span> </p> </div> <div class="tasktext"> Older versions are not affected. </div> </li> <li class="task"> <div class="taskhead"> <img src="http://www.gravatar.com/avatar/9a38887baf481569db05e89d38bc5797?d=monsterid&s=48" align="left"/> <p class="text"> <span class="date">2012-07-13</span> <span class="user">adrianlang</span> </p> </div> <div class="tasktext"> <a href="https://github.com/splitbrain/dokuwiki/commit/c98f205e8a6265654072c7d3fea952552837b819">c98f205e</a> </div> </li> <li class="task"> <div class="taskhead"> <img src="http://www.gravatar.com/avatar/b6b4d7dbe3fb7cf61b68e36cd80f8698?d=monsterid&s=48" align="left"/> <p class="text"> <span class="date">2012-07-13</span> <span class="user">andi</span> </p> </div> <div class="tasktext"> The problem was fixed in commit c98f205e8a6265654072c7d3fea952552837b819. Versions before Angua are not affected.<br /> <br /> A new stable tarball named 2012-01-25b was released to incorporate the hotfix and can be downloaded at<a href=" http://www.splitbrain.org/projects/dokuwiki"> http://www.splitbrain.org/projects/dokuwiki</a> </div> </li> </ul> </div> </body> </html>