ikiwiki ikiwiki vulnerabilities and exploits

(subscribe to this query)

ikiwiki prior to 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS)...

Ikiwiki Ikiwiki Ikiwiki Ikiwiki 1.0 Ikiwiki Ikiwiki 1.1 Ikiwiki Ikiwiki 1.1.47 Ikiwiki Ikiwiki 1.2 Ikiwiki Ikiwiki 1.3 Ikiwiki Ikiwiki 1.4 Ikiwiki Ikiwiki 1.5 Ikiwiki Ikiwiki 1.6 Ikiwiki Ikiwiki 1.7 Ikiwiki Ikiwiki 1.8 Ikiwiki Ikiwiki 1.9

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki prior to 3.1415926 and 2.x prior to 2.53.4 allows context-dependent malicious users to read arbitrary files via crafted TeX commands.

Ikiwiki Ikiwiki Ikiwiki Ikiwiki 2.0 Ikiwiki Ikiwiki 2.00 Ikiwiki Ikiwiki 2.1 Ikiwiki Ikiwiki 2.2 Ikiwiki Ikiwiki 2.3 Ikiwiki Ikiwiki 2.4 Ikiwiki Ikiwiki 2.5 Ikiwiki Ikiwiki 2.6 Ikiwiki Ikiwiki 2.6.1 Ikiwiki Ikiwiki 2.7 Ikiwiki Ikiwiki 2.8

Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki prior to 3.20120516 allow remote malicious users to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.

Ikiwiki Ikiwiki Ikiwiki Ikiwiki 1.0 Ikiwiki Ikiwiki 1.1 Ikiwiki Ikiwiki 1.1.47 Ikiwiki Ikiwiki 1.2 Ikiwiki Ikiwiki 1.3 Ikiwiki Ikiwiki 1.4 Ikiwiki Ikiwiki 1.5 Ikiwiki Ikiwiki 1.6 Ikiwiki Ikiwiki 1.7 Ikiwiki Ikiwiki 1.8 Ikiwiki Ikiwiki 1.9

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x prior to 2.53.5 and 3.x prior to 3.20100312 allows remote malicious users to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.

Ikiwiki Ikiwiki 2.0 Ikiwiki Ikiwiki 2.1 Ikiwiki Ikiwiki 2.2 Ikiwiki Ikiwiki 2.3 Ikiwiki Ikiwiki 2.4 Ikiwiki Ikiwiki 2.5 Ikiwiki Ikiwiki 2.10 Ikiwiki Ikiwiki 2.11 Ikiwiki Ikiwiki 2.12 Ikiwiki Ikiwiki 2.13 Ikiwiki Ikiwiki 2.14 Ikiwiki Ikiwiki 2.15

Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty passw...

Ikiwiki Ikiwiki 1.5 Ikiwiki Ikiwiki 1.34 Ikiwiki Ikiwiki 1.34.1 Ikiwiki Ikiwiki 1.34.2 Ikiwiki Ikiwiki 1.35 Ikiwiki Ikiwiki 1.36 Ikiwiki Ikiwiki 1.37 Ikiwiki Ikiwiki 1.38 Ikiwiki Ikiwiki 1.39 Ikiwiki Ikiwiki 1.40 Ikiwiki Ikiwiki 1.41 Ikiwiki Ikiwiki 1.42

ikiwiki prior to 3.20170111.1 and 3.2018x and 3.2019x prior to 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.

Ikiwiki Ikiwiki Ikiwiki Ikiwiki 3.20180105 Ikiwiki Ikiwiki 3.20180228 Ikiwiki Ikiwiki 3.20180311

Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki prior to 1.1.47 allows remote malicious users to inject arbitrary web script or HTML via meta tags.

Ikiwiki Ikiwiki Ikiwiki Ikiwiki 1.33.3 Ikiwiki Ikiwiki 2.31

Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting prior to 0.20131025 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Ikiwiki Hosting Project Ikiwiki Hosting Ikiwiki Hosting Project Ikiwiki Hosting 0.20110401 Ikiwiki Hosting Project Ikiwiki Hosting 0.20110420 Ikiwiki Hosting Project Ikiwiki Hosting 0.20110424 Ikiwiki Hosting Project Ikiwiki Hosting 0.20110515 Ikiwiki Hosting Project Ikiwiki Hosting 0.20110608 Ikiwiki Hosting Project Ikiwiki Hosting 0.20110926 Ikiwiki Hosting Project Ikiwiki Hosting 0.20111005 Ikiwiki Hosting Project Ikiwiki Hosting 0.20120125 Ikiwiki Hosting Project Ikiwiki Hosting 0.20120131 Ikiwiki Hosting Project Ikiwiki Hosting 0.20120425 Ikiwiki Hosting Project Ikiwiki Hosting 0.20120526

Cross-site request forgery (CSRF) vulnerability in Ikiwiki prior to 2.42 allows remote malicious users to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Ikiwiki Ikiwiki

Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki prior to 1.1.46 allows remote malicious users to inject arbitrary web script or HTML via title contents.

Ikiwiki Ikiwiki

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook