Page 3 of 18 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin en Plugin/meta.pm en ikiwiki anterior a v3.20120516 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través (1) del parámetro author o (2) de la meta etiqueta authorurl. • http://ikiwiki.info/news/version_3.20120516 http://osvdb.org/81995 http://secunia.com/advisories/49199 http://secunia.com/advisories/49232 http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f http://www.debian.org/security/2012/dsa-2474 http://www.securityfocus.com/bid/53599 https://exchange.xforce.ibmcloud.com/vulnerabilities/75702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 174EXPL: 0

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet. ikiwiki anterior a v3.20110328 no establece si el plugin htmlscrubber está habilitado durante el proceso de la directiva "meta stylesheet", lo que permite a usuarios autenticados de forma remota conducir un ataque de vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de hojas de estilo en cascada (CSS) manipuladas en (1) la hoja de estilo por defecto o (2) en una hoja de estilo alternativa. • http://ikiwiki.info/security/#index39h2 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html http://secunia.com/advisories/44079 http://secunia.com/advisories/44137 http://www.debian.org/security/2011/dsa-2214 http://www.securityfocus.com/bid/47285 http://www.vupen.com/english/advisories/2011/0907 http://www.vupen.com/english/advisories/2011/1005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente htmlscrubber en ikiwiki 2.x en versiones anteriores a la 2.53.5 y 3.x en versiones anteriores a la 3.20100312 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una URI data:image/svg+xml manipulada. • http://ikiwiki.info/security/#index36h2 http://secunia.com/advisories/38983 http://secunia.com/advisories/39048 http://www.debian.org/security/2010/dsa-2020 http://www.vupen.com/english/advisories/2010/0662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 78EXPL: 0

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. Vulnerabilidad de lista negra incompleta en el plugin teximg en ikiwiki anterior a v3.1415926 y v2.x anterior a v2.53.4, permite a atacantes dependientes de contexto leer archivos de su elección a través de comando TeX manipulados. • http://ikiwiki.info/security/#index35h2 http://osvdb.org/57575 http://secunia.com/advisories/36516 http://secunia.com/advisories/36539 http://www.debian.org/security/2009/dsa-1875 http://www.securityfocus.com/bid/36181 http://www.vupen.com/english/advisories/2009/2475 https://exchange.xforce.ibmcloud.com/vulnerabilities/52922 •

CVSS: 6.8EPSS: 1%CPEs: 52EXPL: 0

Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. Plugin/passwordauth.pm (también conocido como plugin passwordauth) en ikiwiki versiones de la 1.34 hasta la 2.47, permite a atacantes remotos saltarse la autenticación y login de cualquier cuenta en la que se configura una identidad OpenID y no se configura una contraseña, especificando una contraseña vacía durante la secuencia de login. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770 http://ikiwiki.info/news/version_2.48/index.html http://ikiwiki.info/security/#index33h2 http://secunia.com/advisories/30468 http://www.openwall.com/lists/oss-security/2008/05/31/3 http://www.securityfocus.com/bid/29479 http://www.vupen.com/english/advisories/2008/1710 https://exchange.xforce.ibmcloud.com/vulnerabilities/42798 • CWE-264: Permissions, Privileges, and Access Controls •