CVE-2025-61224

MEDIUM NUCLEI

DokuWiki 2025-05-14a - Cross-Site Scripting via q Parameter

Title source: llm

CVE-2025-61224 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter

DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting

MEDIUMVERIFIEDby lolkatz,0x_Akoko

Shodan: http.html:"content=\"DokuWiki"

FOFA: body="content=\"DokuWiki"

Core 2

Core References

Various Sources

Issue Tracking

CVSS v3 6.5

EPSS 0.0101

EPSS Percentile 58.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

CWE

CWE-79

Status published

Published Oct 06, 2025

Tracked Since Feb 18, 2026