 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0540 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0540) |
| Summary: | The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0540 advisory. |
| Description: | Summary: The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0540 advisory. Vulnerability Insight: Updated dokuwiki package fix a security vulnerability: Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf (application/x-shockwave-flash) uploads by default. This may be used for Cross-site scripting (XSS) attack which enables attackers to inject client-side script into Web pages viewed by other users. (CVE-2014-9253). This update uses dokuwiki-2014-09-29b hotfix source which disables swf uploads by default and fixes the issue. Affected Software/OS: 'dokuwiki' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9253 BugTraq ID: 71671 http://www.securityfocus.com/bid/71671 http://security.szurek.pl/dokuwiki-20140929a-xss.html http://seclists.org/oss-sec/2014/q4/1050 http://www.securitytracker.com/id/1031369 XForce ISS Database: dokuwiki-cve20149253-xss(99291) https://exchange.xforce.ibmcloud.com/vulnerabilities/99291 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |