CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24698
https://notcve.org/view.php?id=CVE-2023-24698
08 Aug 2023 — Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. • https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33756
https://notcve.org/view.php?id=CVE-2023-33756
08 Aug 2023 — An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. • https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2013-1666
https://notcve.org/view.php?id=CVE-2013-1666
01 Nov 2019 — Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Foswiki versiones anteriores a 1.1.8, contiene una vulnerabilidad de inyección de código en la macro MAKETEXT. • http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 73%CPEs: 16EXPL: 1CVE-2012-6330 – Foswiki MAKETEXT - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-6330
04 Jan 2013 — The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. La funcionalidad de localización en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegación de servicio (consumo de memoria)a través de un entero largo en una macro %MAKETEXT%. • https://www.exploit-db.com/exploits/23580 • CWE-189: Numeric Errors •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2012-1004
https://notcve.org/view.php?id=CVE-2012-1004
08 Feb 2012 — Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party i... • http://foswiki.org/Support/SecurityAlert-CVE-2012-1004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4215
https://notcve.org/view.php?id=CVE-2010-4215
16 Nov 2010 — UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. UI/Manage.pm en Foswiki v1.1.0 y v1.1.1 permite a usuarios autenticados remotamente ganar privilegios modificando las preferencias de GROUP y ALLOWTOPICCHANGE en las preferencias de tema en Main.AdminGroup. • http://foswiki.org/Support/SecurityAlertCVE20104215 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4853
https://notcve.org/view.php?id=CVE-2009-4853
07 May 2010 — Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en JumpBox anteriores a v1.1.2 para Foswiki Wiki System, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://static.jumpbox.com/README/README-foswiki.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2009-1434
https://notcve.org/view.php?id=CVE-2009-1434
30 Apr 2009 — Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Foswiki anterior a v1.0.5 permite a atacantes remotos secuestrar la autenticación... • http://foswiki.org/Support/SecurityAlert-CVE-2009-1434 • CWE-352: Cross-Site Request Forgery (CSRF) •