OSVDB-115695: DokuWiki Reflected XSS via Malicious SWF Upload
OSVDB ID: 115695 · Class: Reflected cross-site scripting (XSS) · Affected: DokuWiki instances allowing file upload of Flash (SWF) content.
Summary
OSVDB-115695 documents a reflected cross-site scripting vulnerability in DokuWiki. An attacker who holds upload permission on a vulnerable wiki can upload a specially crafted SWF (Flash) file. When a victim follows a crafted link to that SWF, script executes in the context of the wiki origin, enabling XSS against the victim’s session.
CVSS scoring
This vulnerability is used as an official worked example in the FIRST.org CVSS v3.0 Examples documentation.
- CVSS v2 Base Score: 4.3
- CVSS v3.0 Base Score: 5.4
- Vector highlights (v3.0): Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low (attacker must have upload permission); User Interaction: Required (victim must follow the link); Scope: Changed — the flaw is served from the web server but its impact lands in the victim’s browser, crossing a security authority boundary.
Why Scope is "Changed"
The Scope:Changed metric is the instructive part of this example: the vulnerable component (the DokuWiki server hosting the SWF) is not the component that suffers the impact (the victim’s browser / their authenticated session). CVSS v3.0 introduced Scope precisely to capture this kind of cross-boundary XSS, which is why FIRST selected it as a teaching case.
Mitigation
- Disallow upload of active content types (SWF and similar) or serve uploads from a sandboxed, cookieless origin with
Content-Disposition: attachment. - Set a restrictive
Content-Security-PolicyandX-Content-Type-Options: nosniff. - Keep DokuWiki updated; restrict the upload ACL to trusted roles only.
References & archive note
This entry preserves the record originally catalogued as OSVDB-115695 in the Open Source Vulnerability Database and referenced in FIRST’s CVSS v3.0 example set. OSVDB shut down in 2016; Secably maintains a topical archive of referenced OSVDB identifiers so that standards and research citations continue to resolve to accurate vulnerability information.
Related Posts
OSVDB-97562: OAuth Protocol HMAC Timing Disclosure Weakness
Unpacking the First Documented Agentic — Impact, Detection, and Remediation