Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ikiwiki
(Ikiwiki)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-04-11 | CVE-2011-1401 | ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet. | Ikiwiki | N/A | ||
2010-03-31 | CVE-2010-1195 | Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. | Ikiwiki | N/A | ||
2009-08-31 | CVE-2009-2944 | Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. | Ikiwiki | N/A | ||
2008-02-19 | CVE-2008-0809 | Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents. | Ikiwiki | N/A | ||
2008-02-19 | CVE-2008-0808 | Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. | Ikiwiki | N/A | ||
2008-06-03 | CVE-2008-0169 | Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | Ikiwiki | N/A | ||
2008-04-21 | CVE-2008-0165 | Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | Ikiwiki | N/A |