N/A

CVE编号

CVE-2024-42758

利用情况

暂无

补丁情况

N/A

披露时间

2024-08-17

漏洞描述

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/1s1ldur/CVE-2024-42758/blob/main/README.md
https://github.com/dokuwiki/dokuwiki
https://github.com/samuelet/indexmenu
https://github.com/samuelet/indexmenu/issues/317

CVSS3评分 N/A

• 攻击路径 N/A
• 攻击复杂度 N/A
• 权限要求 N/A
• 影响范围 N/A
• 用户交互 N/A
• 可用性 N/A
• 保密性 N/A
• 完整性 N/A

N/A

CWE-ID	漏洞类型

Exp相关链接

- avd.aliyun.com