CVE-2024-42758

MEDIUM

Dokuwiki indexmenu plugin v2024-01-05 - XSS

Title source: llm

Description

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS.

Exploits (1)

nomisec WRITEUP

by 1s1ldur · poc

https://github.com/1s1ldur/CVE-2024-42758

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/1s1ldur/CVE-2024-42758/blob/main/README.md

[Various Sources] https://github.com/samuelet/indexmenu

[Various Sources] https://github.com/dokuwiki/dokuwiki

[Issue Tracking] https://github.com/samuelet/indexmenu/issues/317

Scores

CVSS v3 5.4

EPSS 0.0189

EPSS Percentile 83.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published Aug 16, 2024

Tracked Since Feb 18, 2026