Bug#1036279: XSS in RSS syntax

2023-06-04 Thread Salvatore Bonaccorso
Control: retitle -1 dokuwiki: CVE-2023-34408: XSS in RSS syntax

Hi,

On Thu, May 18, 2023 at 03:19:05PM +0200, Moritz Muehlenhoff wrote:
> Source: dokuwiki
> Version: 0.0.20220731.a-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team 
> 
> No CVE yet:
> https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
> https://github.com/dokuwiki/dokuwiki/pull/3967
> https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de

CVE-2023-34408 has been assigned for this issue.

Regards,
Salvatore



Bug#1036279: XSS in RSS syntax

2023-05-18 Thread Axel Beckert
Hi Moritz,

Moritz Muehlenhoff wrote:
> Severity: grave

Thanks for the severity assessment by the security team. I wasn't
really sure if this is RC or "just important".

I've had a look at the new upstream tarballs, but the diff is
unfortunately huge:

$ tardiff dokuwiki-2022-07-31{a,b}.tgz
- composer.json
- composer.lock
- data/pages/playground
- data/pages/playground/playground.txt
- lib/plugins/authpdo/_test
- lib/plugins/authpdo/_test/mysql
- lib/plugins/authpdo/_test/mysql.test.php
- lib/plugins/authpdo/_test/mysql/fluxbb.php
- lib/plugins/authpdo/_test/mysql/fluxbb.sql
- lib/plugins/authpdo/_test/mysql/mybb.php
- lib/plugins/authpdo/_test/mysql/mybb.sql
- lib/plugins/authpdo/_test/mysql/wordpress.php
- lib/plugins/authpdo/_test/mysql/wordpress.sql
- lib/plugins/authpdo/_test/pgsql
- lib/plugins/authpdo/_test/pgsql.test.php
- lib/plugins/authpdo/_test/pgsql/django.php
- lib/plugins/authpdo/_test/pgsql/django.sql
- lib/plugins/authpdo/_test/sqlite.test.php
- lib/plugins/authpdo/_test/test.sqlite3
- lib/plugins/authplain/_test
- lib/plugins/authplain/_test/conf
- lib/plugins/authplain/_test/conf/auth.users.php
- lib/plugins/authplain/_test/escaping.test.php
- lib/plugins/authplain/_test/userdata.test.php
- lib/plugins/config/_test
- lib/plugins/config/_test/ConfigParserTest.php
- lib/plugins/config/_test/DocumentationTest.php
- lib/plugins/config/_test/LoaderExtraDefaultsTest.php
- lib/plugins/config/_test/LoaderTest.php
- lib/plugins/config/_test/Setting
- lib/plugins/config/_test/Setting/AbstractSettingTest.php
- lib/plugins/config/_test/Setting/SettingArrayTest.php
- lib/plugins/config/_test/Setting/SettingNumericTest.php
- lib/plugins/config/_test/Setting/SettingNumericoptTest.php
- lib/plugins/config/_test/Setting/SettingOnoffTest.php
- lib/plugins/config/_test/Setting/SettingStringTest.php
- lib/plugins/config/_test/Setting/SettingTest.php
- lib/plugins/config/_test/WriterTest.php
- lib/plugins/config/_test/data
- lib/plugins/config/_test/data/config.php
- lib/plugins/config/_test/data/metadata.php
- lib/plugins/extension/_test
- lib/plugins/extension/_test/extension.test.php
- lib/plugins/extension/_test/testdata
- lib/plugins/extension/_test/testdata/either1
- lib/plugins/extension/_test/testdata/either1/script.js
- lib/plugins/extension/_test/testdata/eithersub2
- lib/plugins/extension/_test/testdata/eithersub2/either2
- lib/plugins/extension/_test/testdata/eithersub2/either2/script.js
- lib/plugins/extension/_test/testdata/plgfoo5
- lib/plugins/extension/_test/testdata/plgfoo5/plugin.info.txt
- lib/plugins/extension/_test/testdata/plgsub3
- lib/plugins/extension/_test/testdata/plgsub3/plugin3
- lib/plugins/extension/_test/testdata/plgsub3/plugin3/syntax.php
- lib/plugins/extension/_test/testdata/plgsub4
- lib/plugins/extension/_test/testdata/plgsub4/plugin4
- lib/plugins/extension/_test/testdata/plgsub4/plugin4/plugin.info.txt
- lib/plugins/extension/_test/testdata/plgsub6
- lib/plugins/extension/_test/testdata/plgsub6/plgfoo6
- lib/plugins/extension/_test/testdata/plgsub6/plgfoo6/plugin.info.txt
- lib/plugins/extension/_test/testdata/plugin1
- lib/plugins/extension/_test/testdata/plugin1/syntax.php
- lib/plugins/extension/_test/testdata/plugin2
- lib/plugins/extension/_test/testdata/plugin2/plugin.info.txt
- lib/plugins/extension/_test/testdata/template1
- lib/plugins/extension/_test/testdata/template1/main.php
- lib/plugins/extension/_test/testdata/template1/style.ini
- lib/plugins/extension/_test/testdata/template2
- lib/plugins/extension/_test/testdata/template2/template.info.txt
- lib/plugins/extension/_test/testdata/tplfoo5
- lib/plugins/extension/_test/testdata/tplfoo5/template.info.txt
- lib/plugins/extension/_test/testdata/tplsub3
- lib/plugins/extension/_test/testdata/tplsub3/template3
- lib/plugins/extension/_test/testdata/tplsub3/template3/main.php
- lib/plugins/extension/_test/testdata/tplsub3/template3/style.ini
- lib/plugins/extension/_test/testdata/tplsub4
- lib/plugins/extension/_test/testdata/tplsub4/template4
- lib/plugins/extension/_test/testdata/tplsub4/template4/template.info.txt
- lib/plugins/extension/_test/testdata/tplsub6
- lib/plugins/extension/_test/testdata/tplsub6/tplfoo6
- lib/plugins/extension/_test/testdata/tplsub6/tplfoo6/template.info.txt
- lib/plugins/styling/.travis.yml
- lib/plugins/styling/_test
- lib/plugins/styling/_test/colors.test.php
- lib/plugins/styling/_test/general.test.php
- lib/plugins/testing
- lib/plugins/testing/_test
- lib/plugins/testing/_test/dummy_plugin_integration_test.test.php
- lib/plugins/testing/_test/dummy_plugin_test.test.php
- lib/plugins/testing/action.php
- lib/plugins/testing/conf
- lib/plugins/testing/conf/default.php
- lib/plugins/testing/conf/metadata.php
- lib/plugins/testing/lang
- lib/plugins/testing/lang/en
- lib/plugins/testing/lang/en/settings.php
- lib/plugins/testing/plugin.info.txt
- lib/plugins/usermanager/_test
- lib/plugins/usermanager/_test/csv_export.test.php
- 
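Most of the listing above is test fixtures and CI configuration rather than the code that would carry the RSS-syntax fix. The following is an added example, not part of the thread or of the Debian or DokuWiki tooling: a small POSIX shell filter that drops `_test` directories and `.travis.yml` from a listing of `- path` lines (assumed to be the format tardiff printed above) so that the remaining entries can be inspected by hand. The sample listing is a constructed subset of the paths quoted in the message.

```shell
#!/bin/sh
# Constructed sample: a subset of the "- path" lines from the tardiff listing
# in the thread. The format assumption is only that each entry is one line.
SAMPLE='- composer.json
- composer.lock
- data/pages/playground/playground.txt
- lib/plugins/authpdo/_test
- lib/plugins/authpdo/_test/mysql.test.php
- lib/plugins/config/_test/Setting/SettingTest.php
- lib/plugins/styling/.travis.yml
- lib/plugins/testing/action.php
- lib/plugins/usermanager/_test/csv_export.test.php'

# filter_tardiff: read listing lines on stdin, print only entries that are
# neither inside a _test directory (or the _test directory itself) nor a
# .travis.yml CI file. Everything else is left for manual review; note that
# lib/plugins/testing/ is a regular plugin directory, not a _test fixture,
# so it deliberately stays in the output.
filter_tardiff() {
    grep -v -e '/_test$' -e '/_test/' -e '/\.travis\.yml$'
}

# count_kept: number of entries that survive the filter.
count_kept() {
    printf '%s\n' "$SAMPLE" | filter_tardiff | grep -c .
}

# Show what is left to look at.
printf '%s\n' "$SAMPLE" | filter_tardiff
```

Run against the real listing with `tardiff a.tgz b.tgz | filter_tardiff` (or any tool that emits one path per line) to see only the non-test, non-CI entries.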

Bug#1036279: XSS in RSS syntax

2023-05-18 Thread Moritz Muehlenhoff
Source: dokuwiki
Version: 0.0.20220731.a-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

No CVE yet:
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
https://github.com/dokuwiki/dokuwiki/pull/3967
https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de

Cheers,
 Moritz