CVSS: 4.3EPSS: 17%CPEs: 2EXPL: 0CVE-2007-3930
https://notcve.org/view.php?id=CVE-2007-3930
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. Conflicto de Interpretación entre Microsoft Internet Explorer y DocuWiki versiones anteriores a 2007-06-26b permite a atacantes remotos inyectar scripts JavaScript de su elección y conducir ataques de secuencias de comandos en sitios cruzados (XSS) mientras se comprueba la ortografía de mensajes codificados UTF-8 mediante la función spell_utf8test en lib/exe/spellcheck.php, que dispara identificación de documento HTML y ejecución de script mediante Internet Explorer aún siendo la cabecera Content-Type de tipo text/plain. • http://bugs.splitbrain.org/index.php?do=details&task_id=1195 http://osvdb.org/38319 http://secunia.com/advisories/26150 http://securityreason.com/securityalert/2908 http://wiki.splitbrain.org/wiki%3Achanges http://www.securityfocus.com/archive/1/474144/100/0/threaded http://www.securityfocus.com/bid/24973 http://www.vupen.com/english/advisories/2007/2617 https://exchange.xforce.ibmcloud.com/vulnerabilities/35501 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3195
https://notcve.org/view.php?id=CVE-2007-3195
Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en ERFAN WIKI 1.00 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro title. NOTA: El origen de esta información es desconocido; los detalles han sido obtenidos solamente de información de terceras partes. • http://osvdb.org/36402 http://secunia.com/advisories/25586 http://www.securityfocus.com/bid/24406 https://exchange.xforce.ibmcloud.com/vulnerabilities/34808 •
CVSS: 5.0EPSS: 6%CPEs: 12EXPL: 0CVE-2006-3379
https://notcve.org/view.php?id=CVE-2006-3379
Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. Vulnerabilidad de complejidad algorítmica en Hiki Wiki v0.6.0 hasta v0.6.5 y v0.8.0 hasta v0.8.5 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante la realización de un diff entre páginas grandes manipuladas que disparan el peor caso. • http://hikiwiki.org/en/advisory20060703.html http://jvn.jp/jp/JVN%2398836916/index.html http://secunia.com/advisories/20741 http://secunia.com/advisories/21150 http://www.debian.org/security/2006/dsa-1119 http://www.osvdb.org/26970 http://www.securityfocus.com/bid/18785 http://www.vupen.com/english/advisories/2006/2643 https://exchange.xforce.ibmcloud.com/vulnerabilities/27507 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2002-1070 – PHP-Wiki 1.2/1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1070
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter. • https://www.exploit-db.com/exploits/21622 http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html http://www.iss.net/security_center/static/9627.php http://www.securityfocus.com/bid/5254 •