This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at GitHub.
Closed
Fixed
FS#2918 XSS vulnerability in the plugin management section
Security
2014-01-21 w4t0x0D
The "url" parameter is not properly sanitized when submitting a POST request to download and install a new plugin, therefore allowing the user to perform a reflected XSS attack.
The vulnerability is confirmed in version rc2013-10-28 (Binky) but other previous versions may also be affected.
2014-01-27 andi
This had already been fixed here: 9e8bcd5f. Since the vulnerability is not exploitable without admin access, we did not issue a hotfix release.
Please also note that the plugin manager will be replaced by the extension manager in the next release.