Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 868624 (CVE-2022-3123)

Summary: <www-apps/dokuwiki-20230404a: reflected XSS
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: ajak, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345
See Also: https://bugs.gentoo.org/show_bug.cgi?id=876244
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-05 16:56:07 UTC 
CVE-2022-3123:

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.

Patch: https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6

I guess the fixed version is right, there is such a tag made the same
day as the patch, but not sure if the patch is actually in the tag?

 $ git tag --contains 63e9a247c072008a031f9db39fa496f6aca489b6
 $