English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Ikiwiki 3.20100518

CPE Details

Ikiwiki 3.20100518
ikiwiki
ikiwiki
3.20100518
2011-04-12 12:54 +00:00
2012-01-05 18:27 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:ikiwiki:ikiwiki:3.20100518:*:*:*:*:*:*:*

Informations

Vendor

ikiwiki

Product

ikiwiki

Version

3.20100518

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-2793 2019-11-21 18:48 +00:00 Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
6.1
MEDIUM
CVE-2010-1673 2019-10-30 21:56 +00:00 A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
6.1
MEDIUM
CVE-2011-1408 2019-10-29 18:51 +00:00 ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
8.2
HIGH
CVE-2011-0428 2019-10-29 16:28 +00:00 Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
6.1
MEDIUM
CVE-2019-9187 2019-06-05 15:55 +00:00 ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
7.5
HIGH
CVE-2017-0356 2017-01-10 23:00 +00:00 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
9.8
CRITICAL
CVE-2016-9646 2016-12-28 23:00 +00:00 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
5.3
MEDIUM
CVE-2016-4561 2016-05-10 17:00 +00:00 Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
6.1
MEDIUM
CVE-2012-0220 2012-05-29 18:00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.
4.3
CVE-2011-1401 2011-04-11 16:00 +00:00 ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
3.5

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.