NotCVE - vendor:"Foswiki" product:"Foswiki" version:"1.1.3"

4 results (0.001 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33756

https://notcve.org/view.php?id=CVE-2023-33756

08 Aug 2023 — An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. • https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

CVE-2013-1666

https://notcve.org/view.php?id=CVE-2013-1666

01 Nov 2019 — Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Foswiki versiones anteriores a 1.1.8, contiene una vulnerabilidad de inyección de código en la macro MAKETEXT. • http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 73%CPEs: 16EXPL: 1

CVE-2012-6330 – Foswiki MAKETEXT - Remote Command Execution

https://notcve.org/view.php?id=CVE-2012-6330

04 Jan 2013 — The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. La funcionalidad de localización en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegación de servicio (consumo de memoria)a través de un entero largo en una macro %MAKETEXT%. • https://www.exploit-db.com/exploits/23580 • CWE-189: Numeric Errors •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

CVE-2012-1004

https://notcve.org/view.php?id=CVE-2012-1004

08 Feb 2012 — Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party i... • http://foswiki.org/Support/SecurityAlert-CVE-2012-1004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •