CVE-2024-42758: XSS
First published: Fri Aug 16 2024(Updated: )
A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is then stored in .txt file (due to nature of how Dokuwiki is designed), which presents stored XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dokuwiki indexmenu plugin | ||
| DokuWiki |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-42758?
CVE-2024-42758 is categorized as a Cross-site Scripting (XSS) vulnerability, which can be severe depending on the context of its exploit.
How do I fix CVE-2024-42758?
To fix CVE-2024-42758, update the indexmenu plugin to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-42758?
CVE-2024-42758 affects users of the Dokuwiki indexmenu plugin when it is used and enabled in Dokuwiki.
What kind of attack can be executed due to CVE-2024-42758?
An attacker can execute Cross-site Scripting (XSS) payloads to manipulate users' interactions within Dokuwiki.
When was CVE-2024-42758 disclosed?
CVE-2024-42758 was disclosed on January 5, 2024.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/dokuwiki
- canonical/dokuwiki indexmenu plugin
- canonical/dokuwiki