ikiwiki ikiwiki vulnerabilities and exploits
383
VMScore
CVE-2010-1673
A cross-site scripting (XSS) vulnerability in ikiwiki prior to 3.20101112 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Ikiwiki Ikiwiki
383
VMScore
CVE-2011-0428
Cross Site Scripting (XSS) in ikiwiki prior to 3.20110122 could allow remote malicious users to insert arbitrary JavaScript due to insufficient checking in comments.
Ikiwiki Ikiwiki
383
VMScore
CVE-2008-0809
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki prior to 1.1.46 allows remote malicious users to inject arbitrary web script or HTML via title contents.
Ikiwiki Ikiwiki
445
VMScore
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote malicious users to revert certain changes by leveraging permissions to change the ...
Ikiwiki Ikiwiki 3.20161219
383
VMScore
CVE-2016-4561
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki prior to 3.20160506 might allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
668
VMScore
CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki prior to 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing a malicious user to bypass authentication via repeated parameters.
Ikiwiki Ikiwiki
Debian Debian Linux 7.0
Debian Debian Linux 8.0
383
VMScore
CVE-2015-2793
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki prior to 3.20150329 allows remote malicious users to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Ikiwiki Ikiwiki
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
445
VMScore
CVE-2016-9646
ikiwiki prior to 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
570
VMScore
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0