DokuWiki: Cross-site scripting vulnerability — GLSA 200704-08

DokuWiki is vulnerable to a cross-site scripting attack.

Affected packages

www-apps/dokuwiki on all architectures
Affected versions < 20061106
Unaffected versions >= 20061106

Background

DokuWiki is a simple to use wiki aimed at creating documentation.

Description

DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file.

Impact

An attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable. This would allow the creation of new lines or fields in the returned HTTP Response header, which would permit the attacker to execute arbitrary scripts in the context of the user's browser.

Workaround

Replace the following line in lib/exe/fetch.php:

$MEDIA = getID('media',false); // no cleaning - maybe external

with

$MEDIA = preg_replace('/[\x00-\x1F]+/s','',getID('media',false));

Resolution

All DokuWiki users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20061106"

References

Release date
April 12, 2007

Latest revision
April 12, 2007: 01

Severity
low

Exploitable
remote

Bugzilla entries