ikiwiki ikiwiki vulnerabilities and exploits
4.3
CVSSv2
CVE-2010-1673
A cross-site scripting (XSS) vulnerability in ikiwiki prior to 3.20101112 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Ikiwiki Ikiwiki
4.3
CVSSv2
CVE-2008-0809
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki prior to 1.1.46 allows remote malicious users to inject arbitrary web script or HTML via title contents.
Ikiwiki Ikiwiki
4.3
CVSSv2
CVE-2008-0165
Cross-site request forgery (CSRF) vulnerability in Ikiwiki prior to 2.42 allows remote malicious users to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
Ikiwiki Ikiwiki
5
CVSSv2
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote malicious users to revert certain changes by leveraging permissions to change the ...
Ikiwiki Ikiwiki 3.20161219
4.3
CVSSv2
CVE-2016-4561
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki prior to 3.20160506 might allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki prior to 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing a malicious user to bypass authentication via repeated parameters.
Ikiwiki Ikiwiki
Debian Debian Linux 7.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-2793
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki prior to 3.20150329 allows remote malicious users to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Ikiwiki Ikiwiki
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
5
CVSSv2
CVE-2016-9646
ikiwiki prior to 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
6.4
CVSSv2
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0