Vulnerabilites related to foswiki - foswiki
CVE-2012-6330 (GCVE-0-2012-6330)
Vulnerability from cvelistv5
Published
2013-01-04 21:00
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6330",
"datePublished": "2013-01-04T21:00:00",
"dateReserved": "2012-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33756 (GCVE-0-2023-33756)
Vulnerability from cvelistv5
Published
2023-08-08 00:00
Modified
2024-10-15 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-33756"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33756",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:00:12.777528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:00:25.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-33756"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33756",
"datePublished": "2023-08-08T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2024-10-15T18:00:25.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1434 (GCVE-0-2009-1434)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "foswiki-unspecified-csrf(50256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
},
{
"name": "54148",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54148"
},
{
"name": "[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk\u0026forum_name=foswiki-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"name": "34863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/cve/2009-1434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "foswiki-unspecified-csrf(50256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
},
{
"name": "54148",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54148"
},
{
"name": "[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk\u0026forum_name=foswiki-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"name": "34863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/cve/2009-1434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "foswiki-unspecified-csrf(50256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
},
{
"name": "54148",
"refsource": "OSVDB",
"url": "http://osvdb.org/54148"
},
{
"name": "[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk\u0026forum_name=foswiki-announce"
},
{
"name": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"name": "34863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34863"
},
{
"name": "https://launchpad.net/bugs/cve/2009-1434",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/cve/2009-1434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1434",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-27T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4215 (GCVE-0-2010-4215)
Vulnerability from cvelistv5
Published
2010-11-16 23:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44858"
},
{
"name": "foswiki-manage-priv-escalation(63253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Support/SecurityAlertCVE20104215"
},
{
"name": "[foswiki-announce] 20101110 [ANNOUNCE] Foswiki Security Alert CVE-2010-4215 - User can alter topic preferences using the \"Edit topic preference settings\" feature and save them even though he has no privileges to edit the topic.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk"
},
{
"name": "42275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44858"
},
{
"name": "foswiki-manage-priv-escalation(63253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Support/SecurityAlertCVE20104215"
},
{
"name": "[foswiki-announce] 20101110 [ANNOUNCE] Foswiki Security Alert CVE-2010-4215 - User can alter topic preferences using the \"Edit topic preference settings\" feature and save them even though he has no privileges to edit the topic.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk"
},
{
"name": "42275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44858"
},
{
"name": "foswiki-manage-priv-escalation(63253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253"
},
{
"name": "http://foswiki.org/Support/SecurityAlertCVE20104215",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Support/SecurityAlertCVE20104215"
},
{
"name": "[foswiki-announce] 20101110 [ANNOUNCE] Foswiki Security Alert CVE-2010-4215 - User can alter topic preferences using the \"Edit topic preference settings\" feature and save them even though he has no privileges to edit the topic.",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk"
},
{
"name": "42275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4215",
"datePublished": "2010-11-16T23:00:00",
"dateReserved": "2010-11-09T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24698 (GCVE-0-2023-24698)
Vulnerability from cvelistv5
Published
2023-08-08 00:00
Modified
2024-10-15 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-24698"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:07:02.077425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:07:11.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-24698"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-24698",
"datePublished": "2023-08-08T00:00:00",
"dateReserved": "2023-01-30T00:00:00",
"dateUpdated": "2024-10-15T18:07:11.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4853 (GCVE-0-2009-4853)
Vulnerability from cvelistv5
Published
2010-05-07 18:23
Modified
2024-08-07 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://static.jumpbox.com/README/README-foswiki.txt"
},
{
"name": "jumpbox-unspecified-xss(58588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58588"
},
{
"name": "ADV-2009-3258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://static.jumpbox.com/README/README-foswiki.txt"
},
{
"name": "jumpbox-unspecified-xss(58588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58588"
},
{
"name": "ADV-2009-3258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://static.jumpbox.com/README/README-foswiki.txt",
"refsource": "CONFIRM",
"url": "http://static.jumpbox.com/README/README-foswiki.txt"
},
{
"name": "jumpbox-unspecified-xss(58588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58588"
},
{
"name": "ADV-2009-3258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4853",
"datePublished": "2010-05-07T18:23:00",
"dateReserved": "2010-05-07T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1666 (GCVE-0-2013-1666)
Vulnerability from cvelistv5
Published
2019-11-01 16:48
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/archive/1/525733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T16:48:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/archive/1/525733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1666",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1666"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/03/24/20",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/20"
},
{
"name": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666"
},
{
"name": "https://www.securityfocus.com/archive/1/525733",
"refsource": "MISC",
"url": "https://www.securityfocus.com/archive/1/525733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1666",
"datePublished": "2019-11-01T16:48:00",
"dateReserved": "2013-02-13T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1004 (GCVE-0-2012-1004)
Vulnerability from cvelistv5
Published
2012-02-08 02:00
Modified
2024-09-17 02:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html"
},
{
"name": "47849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Tasks/Item11501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://foswiki.org/Tasks/Item11498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-08T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html"
},
{
"name": "47849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Tasks/Item11501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://foswiki.org/Tasks/Item11498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html"
},
{
"name": "47849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47849"
},
{
"name": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004"
},
{
"name": "http://foswiki.org/Tasks/Item11501",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Tasks/Item11501"
},
{
"name": "http://foswiki.org/Tasks/Item11498",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Tasks/Item11498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1004",
"datePublished": "2012-02-08T02:00:00Z",
"dateReserved": "2012-02-06T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:41.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-01 17:15
Modified
2024-11-21 01:50
Severity ?
Summary
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/03/24/20 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2013-1666 | Third Party Advisory | |
| cve@mitre.org | https://www.securityfocus.com/archive/1/525733 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/03/24/20 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-1666 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/archive/1/525733 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAE672D-6163-4868-812E-B7ABE3A7803A",
"versionEndExcluding": "1.1.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro."
},
{
"lang": "es",
"value": "Foswiki versiones anteriores a 1.1.8, contiene una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la macro MAKETEXT."
}
],
"id": "CVE-2013-1666",
"lastModified": "2024-11-21T01:50:06.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T17:15:10.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1666"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/archive/1/525733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2013-1666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/archive/1/525733"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-17 01:00
Modified
2025-04-11 00:51
Severity ?
Summary
UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C38025-5D6C-4862-879A-B6BB489AD9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F126547D-222B-4671-93CF-4F8E0124DA8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup."
},
{
"lang": "es",
"value": "UI/Manage.pm en Foswiki v1.1.0 y v1.1.1 permite a usuarios autenticados remotamente ganar privilegios modificando las preferencias de GROUP y ALLOWTOPICCHANGE en las preferencias de tema en Main.AdminGroup."
}
],
"id": "CVE-2010-4215",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-11-17T01:00:03.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlertCVE20104215"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42275"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/44858"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlertCVE20104215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63253"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| twiki | twiki | * | |
| twiki | twiki | 5.1.0 | |
| twiki | twiki | 5.1.1 | |
| foswiki | foswiki | 1.0.0 | |
| foswiki | foswiki | 1.0.1 | |
| foswiki | foswiki | 1.0.2 | |
| foswiki | foswiki | 1.0.3 | |
| foswiki | foswiki | 1.0.4 | |
| foswiki | foswiki | 1.0.10 | |
| foswiki | foswiki | 1.1.0 | |
| foswiki | foswiki | 1.1.1 | |
| foswiki | foswiki | 1.1.2 | |
| foswiki | foswiki | 1.1.3 | |
| foswiki | foswiki | 1.1.4 | |
| foswiki | foswiki | 1.1.5 | |
| foswiki | foswiki | 1.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D4B535-185E-4AE2-AFC1-212D520E859D",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07BBEFE6-5F18-4663-B324-1C2A9AE9DBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7962DD6F-7915-4790-BA93-7019014BD8F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B6551-9ED0-4D32-A9DC-C1167550ECED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9280019F-EBB1-476A-BF19-B9B2FA5F929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE5ADD0-893A-4E5E-AF4D-550562338FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46521E63-4714-4464-AA2F-91E3DC892389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "711FE886-F31B-4931-92A5-739001A8EFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3A5FB-EF9D-443E-9626-00A0C157D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C38025-5D6C-4862-879A-B6BB489AD9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F126547D-222B-4671-93CF-4F8E0124DA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6EA3C8-6739-43D8-981D-D4A1799B5C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE81899-0502-4BFB-91B6-D5E321817022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "345AD50C-E933-4311-9925-798302D121AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52934CA5-415D-4A65-9194-896012A1A2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE21744-59DC-44C0-B33E-94942B1911DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
},
{
"lang": "es",
"value": "La funcionalidad de localizaci\u00f3n en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (consumo de memoria)a trav\u00e9s de un entero largo en una macro %MAKETEXT%."
}
],
"id": "CVE-2012-6330",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T21:55:01.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56950"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 15:15
Modified
2024-11-21 07:48
Severity ?
Summary
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70917F6-D95E-4810-B5DD-EEDA47E471C7",
"versionEndIncluding": "2.1.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request."
}
],
"id": "CVE-2023-24698",
"lastModified": "2024-11-21T07:48:19.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T15:15:09.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-24698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-24698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0355BD7-ECE2-415D-8F35-68B0B05DC22F",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B6551-9ED0-4D32-A9DC-C1167550ECED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9280019F-EBB1-476A-BF19-B9B2FA5F929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE5ADD0-893A-4E5E-AF4D-550562338FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46521E63-4714-4464-AA2F-91E3DC892389",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Foswiki anterior a v1.0.5 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios a su elecci\u00f3n para realizar solicitudes que modifiquen las p\u00e1ginas, cambiar los permisos, o cambiar la pertenencia a grupos, como se demuestr\u00f3 mediante una URL para (1) guardar o (2) ver script en el atributo SRC de un elemento IMG, una cuesti\u00f3n relacionada con la CVE-2009-1339."
}
],
"id": "CVE-2009-1434",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-30T20:30:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54148"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34863"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk\u0026forum_name=foswiki-announce"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
},
{
"source": "cve@mitre.org",
"url": "https://launchpad.net/bugs/cve/2009-1434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk\u0026forum_name=foswiki-announce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/bugs/cve/2009-1434"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-08 04:11
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C38025-5D6C-4862-879A-B6BB489AD9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F126547D-222B-4671-93CF-4F8E0124DA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6EA3C8-6739-43D8-981D-D4A1799B5C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE81899-0502-4BFB-91B6-D5E321817022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "345AD50C-E933-4311-9925-798302D121AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "ACC5E1CD-E5D2-4138-BC30-AF7D4FE88E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:rc:*:*:*:*:*:*",
"matchCriteriaId": "130B7ED2-AD70-4CF5-83BA-11B7A0EA4EF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en UI/Register.pm en Foswiki antes de v1.1.5, permite a usuarios autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, o (16) Comment. NOTA: algunos de estos detalles han sido obtenidos de terceras fuentes de informaci\u00f3n."
}
],
"evaluatorImpact": "Per: http://foswiki.org/Support/SecurityAlert-CVE-2012-1004\r\n\r\n\u0027Vulnerable Software Versions - All versions 1.0.0 - 1.1.4 inclusive for sites that use the user registration process\u0027",
"id": "CVE-2012-1004",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-08T04:11:31.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004"
},
{
"source": "cve@mitre.org",
"url": "http://foswiki.org/Tasks/Item11498"
},
{
"source": "cve@mitre.org",
"url": "http://foswiki.org/Tasks/Item11501"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47849"
},
{
"source": "cve@mitre.org",
"url": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2012-1004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://foswiki.org/Tasks/Item11498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://foswiki.org/Tasks/Item11501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-07 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jumpbox:jumpbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9369BD41-FFC7-478A-888A-918766FF7255",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jumpbox:jumpbox:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD408B7A-1CD1-4831-9714-80BD2D41E75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11277D21-F7C5-4700-BB1C-3600F28DF912",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en JumpBox anteriores a v1.1.2 para Foswiki Wiki System, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2009-4853",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-07T18:30:01.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://static.jumpbox.com/README/README-foswiki.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3258"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://static.jumpbox.com/README/README-foswiki.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58588"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 15:15
Modified
2024-11-21 08:05
Severity ?
Summary
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 | Exploit, Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371A2FAF-E7AA-4816-968A-26F0B368A741",
"versionEndIncluding": "2.1.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal."
}
],
"id": "CVE-2023-33756",
"lastModified": "2024-11-21T08:05:57.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T15:15:10.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-33756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://foswiki.org/Support/SecurityAlert-CVE-2023-33756"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}