CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9645 – Editing restriction bypass for git revert
https://notcve.org/view.php?id=CVE-2016-9645
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. La solución para ikiwiki para CVE-2016-10026 era incompleta, lo que resulta en la omisión de las restricciones de edición para git revert al emplear las versiones de git inferiores a la 2.8.0. Esto se ha solucionado en 3.20161229. • https://ikiwiki.info/security/#cve-2016-9645 https://marc.info/?l=oss-security&m=148304341511854&w=2 https://security-tracker.debian.org/tracker/CVE-2016-9645 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9646 – Commit metadata forgery via CGI::FormBuilder context-dependent APIs
https://notcve.org/view.php?id=CVE-2016-9646
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. ikiwiki, en versiones anteriores a la 3.20161229, llamó incorrectamente al método CGI::FormBuilder->field (similar a la API CGI->param que desembocó en el CVE-2014-1572 de Bugzilla), que puede aprovecharse para falsificar metadatos del commit. • https://ikiwiki.info/security/#cve-2016-9646 https://marc.info/?l=oss-security&m=148304341511854&w=2 https://security-tracker.debian.org/tracker/CVE-2016-9646 https://www.debian.org/security/2017/dsa-3760 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-0356 – Authentication bypass via repeated parameters
https://notcve.org/view.php?id=CVE-2017-0356
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. Existe un error similar a CVE-2016-9646 en ikiwiki, en versiones anteriores a la 3.20170111, en el uso del plugin passwordauth de CGI::FormBuilder. Esto permite que un atacante omita la autenticación mediante parámetros repetidos. • http://www.securityfocus.com/bid/95420 https://ikiwiki.info/security/#cve-2017-0356 https://marc.info/?l=oss-security&m=148418234314276&w=2 https://www.debian.org/security/2017/dsa-3760 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4561
https://notcve.org/view.php?id=CVE-2016-4561
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. Vulnerabilidad de XSS en la función cgierror en CGI.pm en ikiwiki en versiones anteriores a 3.20160506 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados que implican un mensaje de error. • http://ikiwiki.info/security/#index43h2 http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7 http://www.debian.org/security/2016/dsa-3571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0CVE-2012-0220
https://notcve.org/view.php?id=CVE-2012-0220
Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin en Plugin/meta.pm en ikiwiki anterior a v3.20120516 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través (1) del parámetro author o (2) de la meta etiqueta authorurl. • http://ikiwiki.info/news/version_3.20120516 http://osvdb.org/81995 http://secunia.com/advisories/49199 http://secunia.com/advisories/49232 http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f http://www.debian.org/security/2012/dsa-2474 http://www.securityfocus.com/bid/53599 https://exchange.xforce.ibmcloud.com/vulnerabilities/75702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •