English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Ikiwiki Ikiwiki 3.20120516

CPE Details

Ikiwiki Ikiwiki 3.20120516
ikiwiki
ikiwiki
3.20120516
2019-11-12 11:59 +00:00
2019-11-12 11:59 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:ikiwiki:ikiwiki:3.20120516:*:*:*:*:*:*:*

Informations

Vendor

ikiwiki

Product

ikiwiki

Version

3.20120516

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-2793 2019-11-21 18:48 +00:00 Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
6.1
MEDIUM
CVE-2019-9187 2019-06-05 15:55 +00:00 ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
7.5
HIGH
CVE-2017-0356 2017-01-10 23:00 +00:00 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
9.8
CRITICAL
CVE-2016-9646 2016-12-28 23:00 +00:00 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
5.3
MEDIUM
CVE-2016-4561 2016-05-10 17:00 +00:00 Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
6.1
MEDIUM

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.