Andreas Gohr

3 exploits Active since Mar 2015
CVE-2015-2172 WRITEUP WRITEUP
DokuWiki < 2014-05-05d - Authenticated Privilege Escalation via XMLRPC API
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
CVE-2022-3123 WRITEUP MEDIUM WRITEUP
DokuWiki < 2022-07-31a - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
CVSS 6.1
CVE-2023-34408 WRITEUP MEDIUM WRITEUP
DokuWiki < 2023-04-04a - Cross-Site Scripting via RSS Titles
DokuWiki before 2023-04-04a allows XSS via RSS titles.
CVSS 5.4