{"id":"CVE-2017-12980","details":"DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.","modified":"2026-04-10T03:56:54.963209Z","published":"2017-08-21T07:29:00.313Z","references":[{"type":"FIX","url":"https://github.com/splitbrain/dokuwiki/issues/2081"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/splitbrain/dokuwiki","events":[{"introduced":"0"},{"last_affected":"a5690a8c536c2fc9bdb8871714c9978ea2c19c98"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2017-02-19c"}]}}],"versions":["release-2005-07-01","release-2005-07-13","release-2005-09-19","release-2005-09-22","release-2006-03-05","release-2006-03-09","release-2006-09-28rc","release-2006-10-08rc","release-2006-10-19rc","release-2006-11-06","release-2007-05-24rc","release-2007-06-26","release-2008-03-31rc","release-2008-04-11rc","release-2008-05-04","release-2008-05-05","release-2009-01-26rc","release-2009-01-30rc","release-2009-02-06rc","release-2009-02-14","release-2009-12-02rc","release-2009-12-25","release-2010-10-07rc","release-2010-10-27rc","release-2010-11-07","release-2010-11-07a","release-2010-11-07b","release-2013-12-08a","release-2014-05-05b","release-2014_05_05c","release-2014_05_05d","release-2014_05_05e","release-2016-06-26b","release-2016-06-26c","release-2016-06-26d","release-2016-06-26e","release-2017-02-19f","release-2017-02-19g"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12980.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}