NotCVE - vendor:"Ikiwiki" product:"Ikiwiki" version:"1.1.47"

15 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2015-2793

https://notcve.org/view.php?id=CVE-2015-2793

21 Nov 2019 — Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo templates/openid-selector.tmpl en ikiwiki versiones anteriores a 3.20150329, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro openid_identifier en una acción de comp... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-1673

https://notcve.org/view.php?id=CVE-2010-1673

30 Oct 2019 — A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. Una vulnerabilidad de tipo cross-site scripting (XSS) en ikiwiki versiones anteriores a 3.20101112, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un comentario. • https://ikiwiki.info/security/#index37h2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2EPSS: 1%CPEs: 4EXPL: 0

CVE-2011-1408

https://notcve.org/view.php?id=CVE-2011-1408

29 Oct 2019 — ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. ikiwiki versiones anteriores a 3.20110608, permite a atacantes remotos secuestrar tty de root y ejecutar ataques de tipo symlink. • https://ikiwiki.info/security/#index40h2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-0428

https://notcve.org/view.php?id=CVE-2011-0428

29 Oct 2019 — Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en ikiwiki versiones anteriores a 3.20110122, podría permitir a atacantes remotos insertar JavaScript arbitrario debido a una comprobación insuficiente en los comentarios. • https://ikiwiki.info/security/#index38h2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-9187 – Debian Security Advisory 4399-1

https://notcve.org/view.php?id=CVE-2019-9187

01 Mar 2019 — ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. ikiwiki anterior a versión 3.20170111.1 y versión 3.2018x y versión 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto también incluye la lectura de archivos locales por medio de archivos: URIs. Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side reque... • https://ikiwiki.info/news • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9645 – Editing restriction bypass for git revert

https://notcve.org/view.php?id=CVE-2016-9645

10 Apr 2018 — The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. La solución para ikiwiki para CVE-2016-10026 era incompleta, lo que resulta en la omisión de las restricciones de edición para git revert al emplear las versiones de git inferiores a la 2.8.0. Esto se ha solucionado en 3.20161229. • https://ikiwiki.info/security/#cve-2016-9645 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-9646 – Commit metadata forgery via CGI::FormBuilder context-dependent APIs

https://notcve.org/view.php?id=CVE-2016-9646

13 Jan 2017 — ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. ikiwiki, en versiones anteriores a la 3.20161229, llamó incorrectamente al método CGI::FormBuilder->field (similar a la API CGI->param que desembocó en el CVE-2014-1572 de Bugzilla), que puede aprovecharse para falsificar metadatos del commit. Multiple vulnerabilities have been found in the Ikiwiki wiki c... • https://ikiwiki.info/security/#cve-2016-9646 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1

CVE-2017-0356 – Authentication bypass via repeated parameters

https://notcve.org/view.php?id=CVE-2017-0356

13 Jan 2017 — A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. Existe un error similar a CVE-2016-9646 en ikiwiki, en versiones anteriores a la 3.20170111, en el uso del plugin passwordauth de CGI::FormBuilder. Esto permite que un atacante omita la autenticación mediante parámetros repetidos. Multiple vulnerabilities have been found in the Ikiwiki wiki compiler. • http://www.securityfocus.com/bid/95420 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-4561 – Debian Security Advisory 3571-1

https://notcve.org/view.php?id=CVE-2016-4561

09 May 2016 — Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. Vulnerabilidad de XSS en la función cgierror en CGI.pm en ikiwiki en versiones anteriores a 3.20160506 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados que implican un mensaje de error. Simon McVittie discov... • http://ikiwiki.info/security/#index43h2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0

CVE-2012-0220

https://notcve.org/view.php?id=CVE-2012-0220

29 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin en Plugin/meta.pm en ikiwiki anterior a v3.20120516 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través (1) del parámetro author o (2) de la meta etique... • http://ikiwiki.info/news/version_3.20120516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2