OSVDB-115695: DokuWiki Reflected XSS via Malicious SWF Upload

Secably Research
Jul 07, 2026
2 min read
Vulnerability Research
cvss dokuwiki flash-swf xss

OSVDB ID: 115695 · Class: Reflected cross-site scripting (XSS) · Affected: DokuWiki instances allowing file upload of Flash (SWF) content.

Summary

OSVDB-115695 documents a reflected cross-site scripting vulnerability in DokuWiki. An attacker who holds upload permission on a vulnerable wiki can upload a specially crafted SWF (Flash) file. When a victim follows a crafted link to that SWF, script executes in the context of the wiki origin, enabling XSS against the victim’s session.

CVSS scoring

This vulnerability is used as an official worked example in the FIRST.org CVSS v3.0 Examples documentation.

  • CVSS v2 Base Score: 4.3
  • CVSS v3.0 Base Score: 5.4
  • Vector highlights (v3.0): Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low (attacker must have upload permission); User Interaction: Required (victim must follow the link); Scope: Changed — the flaw is served from the web server but its impact lands in the victim’s browser, crossing a security authority boundary.

Why Scope is "Changed"

The Scope:Changed metric is the instructive part of this example: the vulnerable component (the DokuWiki server hosting the SWF) is not the component that suffers the impact (the victim’s browser / their authenticated session). CVSS v3.0 introduced Scope precisely to capture this kind of cross-boundary XSS, which is why FIRST selected it as a teaching case.

Mitigation

  • Disallow upload of active content types (SWF and similar) or serve uploads from a sandboxed, cookieless origin with Content-Disposition: attachment.
  • Set a restrictive Content-Security-Policy and X-Content-Type-Options: nosniff.
  • Keep DokuWiki updated; restrict the upload ACL to trusted roles only.

References & archive note

This entry preserves the record originally catalogued as OSVDB-115695 in the Open Source Vulnerability Database and referenced in FIRST’s CVSS v3.0 example set. OSVDB shut down in 2016; Secably maintains a topical archive of referenced OSVDB identifiers so that standards and research citations continue to resolve to accurate vulnerability information.

Related Posts

Stronger security starts with visibility.

Scan your website for vulnerabilities and get actionable insights.

Start Free Scan