Khashayar Fereidani has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "target" parameter to doku.php (when "do" is set to "edit") is not properly sanitised in inc/html.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is confirmed in version 2012-01-25. Other versions may also be affected.
Edit the source code to ensure that input is properly sanitised (unpatched).
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25
Angua allows remote attackers to inject arbitrary web script or HTML via the
target parameter in an edit action.
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php
in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the
authentication of administrators for requests that add arbitrary users.
NOTE: this issue has been disputed by the vendor, who states that it is
resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to
extract a valid CSRF token."
FWIW I just bumped dokuwiki to 20121013. Feel free to mark stable after tests have checked it out. Not sure if that version has the fix in it or not.
This issue was resolved and addressed in
GLSA 201301-07 at http://security.gentoo.org/glsa/glsa-201301-07.xml
by GLSA coordinator Stefan Behte (craig).
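The class of fix the advisory asks for ("ensure that input is properly sanitised"), as an added example that is not DokuWiki's code and not taken from this bug: the actual lines in inc/html.php are not shown on this page, so the function names, the hidden-field markup and the allowlist value `section` are all assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not DokuWiki's inc/html.php.

// "Before" shape: a request value is copied into an HTML attribute as-is.
function render_target_field_unsafe(string $target): string
{
    return '<input type="hidden" name="target" value="' . $target . '" />';
}

// Hardened: encode for the HTML attribute context at the point of output.
// ENT_QUOTES escapes both quote styles, so the value cannot close the attribute.
function render_target_field(string $target): string
{
    $safe = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="target" value="' . $safe . '" />';
}

// Defence in depth: accept only expected values before they reach a template.
// The allowlist content is an assumption for this example.
function normalise_target(?string $raw, array $allowed = ['section']): string
{
    return ($raw !== null && in_array($raw, $allowed, true)) ? $raw : $allowed[0];
}

// Constructed probe: harmless markup that breaks out of a quoted attribute.
$probe = 'section"><b>injected</b>';

$unsafe = render_target_field_unsafe($probe);
$fixed  = render_target_field($probe);
$strict = render_target_field(normalise_target($probe));

// Regression check: the raw marker must not survive in hardened output.
$marker = '<b>injected</b>';
printf("unsafe contains raw markup: %s\n", var_export(strpos($unsafe, $marker) !== false, true));
printf("fixed contains raw markup:  %s\n", var_export(strpos($fixed, $marker) !== false, true));
printf("strict output: %s\n", $strict);
```

Output encoding alone closes the reflection; the allowlist only narrows what the rest of the edit handler has to deal with.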