CVE-2024-42758

MEDIUM

Dokuwiki indexmenu plugin v2024-01-05 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42758. PoCs published by 1s1ldur.

AI-analyzed exploit summary: This repository documents a stored XSS vulnerability in the indexmenu plugin for Dokuwiki (v2024-01-05). The vulnerability allows attackers to inject malicious scripts via page creation/editing, which are then stored and executed when accessed.

Description

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when it is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads, for example when creating or editing an existing page, to trigger the XSS on Dokuwiki. The payload is then stored in a .txt file (due to the nature of how Dokuwiki is designed), which makes this a stored XSS.

Exploits (1)

nomisec WRITEUP
by 1s1ldur · poc
https://github.com/1s1ldur/CVE-2024-42758


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Dokuwiki with indexmenu plugin v2024-01-05
Auth required
Prerequisites: Dokuwiki with vulnerable indexmenu plugin enabled · Ability to create/edit pages
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.4
EPSS 0.0070
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Published Aug 16, 2024
Tracked Since Feb 18, 2026