Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2011-2510First vendor Publication2011-07-14
VendorCveLast vendor Modification2013-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2510

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15193
 
Oval ID: oval:org.mitre.oval:def:15193
Title: DSA-2320-1 dokuwiki -- regression fix
Description: The dokuwiki update included in Debian Lenny 5.0.9 to address a cross site scripting issue had a regression rendering links to external websites broken. This update corrects that regression.
Family: unix Class: patch
Reference(s): DSA-2320-1
CVE-2011-2510
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): dokuwiki
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application12

OpenVAS Exploits

DateDescription
2011-10-16Name : Debian Security Advisory DSA 2320-1 (dokuwiki)
File : nvt/deb_2320_1.nasl
2011-07-12Name : Fedora Update for dokuwiki FEDORA-2011-8831
File : nvt/gb_fedora_2011_8831_dokuwiki_fc15.nasl
2011-07-08Name : Fedora Update for dokuwiki FEDORA-2011-8816
File : nvt/gb_fedora_2011_8816_dokuwiki_fc14.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
73200DokuWiki RSS Link rss Tag XSS

Nessus® Vulnerability Scanner

DateDescription
2013-01-09Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-07.nasl - Type : ACT_GATHER_INFO
2011-10-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2320.nasl - Type : ACT_GATHER_INFO
2011-07-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-8816.nasl - Type : ACT_GATHER_INFO
2011-07-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-8831.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/48364
CONFIRMhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818
https://bugzilla.redhat.com/show_bug.cgi?id=717146
DEBIANhttp://www.debian.org/security/2011/dsa-2320
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html
GENTOOhttp://security.gentoo.org/glsa/glsa-201301-07.xml
MISChttp://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html
http://www.dokuwiki.org/changes
MLISThttp://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
http://www.openwall.com/lists/oss-security/2011/06/28/5
http://www.openwall.com/lists/oss-security/2011/06/29/13
SECUNIAhttp://secunia.com/advisories/45009
http://secunia.com/advisories/45190
XFhttp://xforce.iss.net/xforce/xfdb/68122

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:03:19
  • Multiple Updates
2013-08-22 13:18:57
  • Multiple Updates
2013-05-10 23:03:09
  • Multiple Updates