This is the old issue tracking system for DokuWiki. Issues can not be added here anymore. Pleaser refer to for the new system.


FS#2561 - XSS in lib/exe/ajax.php

Attached to Project: DokuWiki
Opened by Andreas Gohr (andi) - Friday, 13 July 2012, 11:22 GMT
Last edited by Adrian Lang (adrianlang) - Friday, 13 July 2012, 11:26 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Operating System All
Severity Low
Priority Normal
Reported Version 2012-01-25 "Angua"
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Secunia Research has discovered a cross-site scripting vulnerability in DokuWiki and contact you to attempt a coordinated disclosure.

Input passed to the "ns" POST parameter in lib/exe/ajax.php (when "call" is set to "medialist" and "do" is set to "media") is not properly sanitised within the "tpl_mediaFileList()" function in inc/template.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2012-01-25a. Other versions may also be affected.

We have assigned this vulnerability Secunia advisory SA49196.
This task depends upon

Closed by  Adrian Lang (adrianlang)
Friday, 13 July 2012, 11:26 GMT
Reason for closing:  Fixed
Additional comments about closing:  c98f205e
Comment by Adrian Lang (adrianlang) - Friday, 13 July 2012, 11:25 GMT
Older versions are not affected.
Comment by Andreas Gohr (andi) - Friday, 13 July 2012, 11:31 GMT
The problem was fixed in commit c98f205e8a6265654072c7d3fea952552837b819. Versions before Angua are not affected.

A new stable tarball named 2012-01-25b was released to incorporate the hotfix and can be downloaded at