Volerion logoVolerion
Volerion logoVolerion

DokuWiki Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in DokuWiki version 2025-05-14a 'Librarian'. This vulnerability allows remote attackers to execute arbitrary code by injecting malicious scripts into the search query parameter. The issue arises because the application does not properly sanitize user input, particularly in the namespace selector of the advanced search tools.

Impact

Exploitation of this vulnerability allows for unauthenticated reflected cross-site scripting, where an attacker can execute scripts in the context of the victim's session. This could lead to session hijacking, information disclosure, or other malicious activities.

Reproduction

To reproduce this vulnerability, send a GET request to the DokuWiki search page with a crafted query parameter that includes JavaScript code, such as a script tag. When the link is clicked, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update DokuWiki to version 2025-05-14b or later. Versions prior to 2025-05-14a 'Librarian' may also be affected.

Added: Oct 6, 2025, 4:20 PM
Updated: Oct 6, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread
6.2
impact
10.0
exploitability
7.7
remediation
7.7
relevance
0.6
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.