Vulnerabilities related to ikiwiki - ikiwiki
Vulnerability from fkie_nvd
Published
2008-02-19 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "65EC4321-9CD5-43CE-A25A-0DB6210D5579", "versionEndIncluding": "1.45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el htmlscrubber de Ikiwiki antes de 1.1.46 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los contenidos del t\u00edtulo." } ], "id": "CVE-2008-0809", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-19T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://ikiwiki.info/security/#index27h2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28911" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29369" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1523" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/security/#index27h2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27760" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-19 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0A633FE-8142-46FE-A189-F9D8D50D7528", "versionEndIncluding": "1.46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.33.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDC5DFC4-DA1B-49B7-AFD5-57977D75FED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el meta plugin de Ikiwiki antes de 1.1.47 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de meta tags (etiquetas)." 
} ], "id": "CVE-2008-0808", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-19T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110" }, { "source": "cve@mitre.org", "url": "http://ikiwiki.info/security/#index30h2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28911" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29369" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1523" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/security/#index30h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27760" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20161219:*:*:*:*:*:*:*", "matchCriteriaId": "3356F821-E0C4-45AB-AAB8-C371F71F1D04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made." }, { "lang": "es", "value": "ikiwiki 3.20161219 no verifica adecuadamente si una revisi\u00f3n cambia los permisos de acceso para una p\u00e1gina en sitios con los plugins git y recentchanges y la interfaz CGI habilitados, lo que permite a atacantes remotos revertir ciertos cambios aprovechando permisos para cambiar la p\u00e1gina antes de que sea hecha la revisi\u00f3n." } ], "id": "CVE-2016-10026", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", 
"version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-13T18:59:00.363", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3760" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/21/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/3" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#index46h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/21/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#index46h2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-31 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A161EE7-4B7F-43C2-ADE3-0F3FD7A333EB", "versionEndIncluding": "3.141592", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "196439CC-B5BE-4016-B6CF-B8308002D61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "0AE568DE-413C-4EF7-96C6-AF2D47EB36BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "20FFAE6B-9EBD-461A-AF5C-BB00EA2A652F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C064545-5C87-4CC5-A9FA-379A9F4ED0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "729BA91F-625A-4734-814D-EADE78A42CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "025BA9CF-1F77-4BC1-A884-3E49B23BB668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3120790-F2E2-4780-8022-B88EB326C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF180F3A-2B55-4555-9A3B-D8C12CB52CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF68A8E1-96D7-49A5-B844-9FE7A0FE9631", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1152479-FAAA-4AF5-85A8-9454C48CE087", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4490706B-50FF-4126-8EB8-4F4AFDE5B2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "70DD7148-E3ED-4726-A7B7-E4DEB6978DAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*", 
"matchCriteriaId": "350315D5-C124-430D-BD7C-9EE5C3F4D957", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8CA658C7-2D79-4A8D-977E-D7F4640CEAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8892C63F-297A-4D7A-8F63-B15BAE578645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0E83FBBB-0837-41EE-A56A-C837FAE6394C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E14AF144-D023-4FF1-B6B6-FF3E74D61F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "2FDE3606-418B-4E76-97F8-655CE1679857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F6877A1-D793-48A7-9187-63EA568EC854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "739EB847-21B4-4728-9F38-3925893A37A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA1630A6-8578-4B0A-9F12-549EE0C42E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "15FE7BEB-A9E9-476A-ABDF-663A8F69BA7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E53E42-F691-4237-AAC1-A93E35EADD36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "6994F418-61A4-4CB5-94FA-C7DC7A31BBB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "11BC2505-E5EF-4CA4-B747-F74F20BFDCE5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CDB27DC-1B2B-4893-AFC7-71535919567B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "18275BA3-A5D0-410B-9D90-B8DBDB486849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "06E20D04-ADEA-4773-843A-2D6BB0FC5591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*", "matchCriteriaId": "C76D329C-975F-4180-9102-2CAA24230C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "86A6C38C-6B71-4A83-B280-C1195D668DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "0AB24A6A-D1D2-4200-ACF6-93F20AA2CEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*", "matchCriteriaId": "3B998D73-576D-4942-A164-8898437815DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.45:*:*:*:*:*:*:*", "matchCriteriaId": "69FBED8F-C567-4366-97E7-E5CF6A9BC479", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.46:*:*:*:*:*:*:*", "matchCriteriaId": "01494227-D431-4F2B-8174-25A5C2CBC3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*", "matchCriteriaId": "C26EFAF6-5DE3-4562-A831-DE9CCD40B31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.48:*:*:*:*:*:*:*", "matchCriteriaId": "553F2BF0-0375-406F-9F6D-33E49543BC4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.49:*:*:*:*:*:*:*", "matchCriteriaId": "06FBD3B4-99E3-4ED5-A49F-8747C26962BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4888637D-EBA4-4DD3-9EE9-ABA9D26799AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F140A-2391-4663-B680-8E58FD315C4C", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.52:*:*:*:*:*:*:*", "matchCriteriaId": "29DF1E0B-250C-47C1-BC76-4F9EE90AB836", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.53:*:*:*:*:*:*:*", "matchCriteriaId": "82F41174-0E9C-4A09-BAEB-D75595181334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.54:*:*:*:*:*:*:*", "matchCriteriaId": "744A8DB6-3FD4-4891-B623-6E4AE0518867", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.55:*:*:*:*:*:*:*", "matchCriteriaId": "90056C13-CF77-4BE1-A9CE-C8811ABA29C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.56:*:*:*:*:*:*:*", "matchCriteriaId": "E013025D-F390-4206-8BE6-42F5F6DBCDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.60:*:*:*:*:*:*:*", "matchCriteriaId": "1C334708-7565-4E30-BEC5-75CB91B13645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.61:*:*:*:*:*:*:*", "matchCriteriaId": "C2E0BDA8-8EBE-4D8F-B65E-6D22C89A7F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62:*:*:*:*:*:*:*", "matchCriteriaId": "502FAEEA-7E31-49A2-9F1B-79CB5D7A094B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62.1:*:*:*:*:*:*:*", "matchCriteriaId": "325CDDEF-2C66-4B9B-9B70-B4FA5D619F33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.63:*:*:*:*:*:*:*", "matchCriteriaId": "E0B7CA1D-C4CA-45CD-B6AB-48E3CA289714", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.64:*:*:*:*:*:*:*", "matchCriteriaId": "E3BC2691-C9B1-46C1-A3DD-D232BEB25B2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.65:*:*:*:*:*:*:*", "matchCriteriaId": "8CE00B3B-220C-4FD0-83FC-CB235E2C91D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.66:*:*:*:*:*:*:*", "matchCriteriaId": "984B8C95-0B58-4585-9EC8-393563DA7851", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.67:*:*:*:*:*:*:*", "matchCriteriaId": "3261F3F5-BBAC-407A-BD0B-159F295D6B86", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.68:*:*:*:*:*:*:*", "matchCriteriaId": "C5FFEB95-74D2-4EF9-9816-279546590319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.69:*:*:*:*:*:*:*", "matchCriteriaId": "EA175F1E-3D1F-42B1-9FA5-66187EB89670", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.70:*:*:*:*:*:*:*", "matchCriteriaId": "4D6EA187-821B-4673-9581-FD1A877E6CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.71:*:*:*:*:*:*:*", "matchCriteriaId": "EAE832BA-23B5-4D10-866D-10EB86217795", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.72:*:*:*:*:*:*:*", "matchCriteriaId": "EA08E303-A084-4CAF-AA7D-39E3289B6514", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF7F5FD-27CB-4E7E-AF50-EAAB20DAD289", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "02ADB4DC-4FA7-4696-BE15-4038AA7C8440", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "CCA76343-5D08-4E79-8E83-29799E8BF9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "110383CC-7DAB-4FC7-9898-92AF1CB76585", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.03:*:*:*:*:*:*:*", "matchCriteriaId": "CB47B7AD-40A2-466F-AF26-92DB4BF9EDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "4560DD73-D1A2-46D9-A3F7-BAC5A294B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "27D8EE30-BFBB-45C6-8B27-012E17CA3C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.07:*:*:*:*:*:*:*", "matchCriteriaId": "7374FCDB-55E7-48AC-8E38-51C20500BBE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.08:*:*:*:*:*:*:*", "matchCriteriaId": "03FA5A43-6317-4510-BC00-7BCF3DB4F502", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.09:*:*:*:*:*:*:*", "matchCriteriaId": "695759BE-8539-496A-AABD-2F56ACFDA0FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "0566B074-7F01-4482-8F26-F08EDD4F0B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "9A3D2C53-A15F-4FEF-A56B-A4A00C24DF39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8F89322-85B0-4C8B-AB60-4577FB914D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "5B55BCD8-E214-4C75-86F7-247ECBEAFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B19DCEDD-AC25-48F2-B0D9-F35C67AA3A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141:*:*:*:*:*:*:*", "matchCriteriaId": "9DDE6204-5CC9-4867-BD9E-9C999C1E6D6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415:*:*:*:*:*:*:*", "matchCriteriaId": "29453740-F182-4BD1-ADD8-BF3F37D2D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159:*:*:*:*:*:*:*", "matchCriteriaId": "A6FA5E6A-F504-43DC-8021-1BE35FB25269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands." }, { "lang": "es", "value": "Vulnerabilidad de lista negra incompleta en el plugin teximg en ikiwiki anterior a v3.1415926 y v2.x anterior a v2.53.4, permite a atacantes dependientes de contexto leer archivos de su elecci\u00f3n a trav\u00e9s de comando TeX manipulados." 
} ], "id": "CVE-2009-2944", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-31T20:30:00.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index35h2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/57575" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36516" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/36539" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1875" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36181" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2475" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index35h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/57575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2009/dsa-1875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52922" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-10 22:29
Modified
2024-11-21 03:01
Severity ?
Summary
The fix for CVE-2016-10026 in ikiwiki was incomplete, resulting in an editing restriction bypass for git revert when ikiwiki is used with git versions older than 2.8.0. This has been fixed in ikiwiki 3.20161229.
References
▶ | URL | Tags | |
---|---|---|---|
security@debian.org | https://ikiwiki.info/security/#cve-2016-9645 | Vendor Advisory | |
security@debian.org | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
security@debian.org | https://security-tracker.debian.org/tracker/CVE-2016-9645 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2016-9645 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2016-9645 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DD21DAE-CF4C-4D5D-B9D9-53CA09C4CDDD", "versionEndExcluding": "2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229." }, { "lang": "es", "value": "La soluci\u00f3n para ikiwiki para CVE-2016-10026 era incompleta, lo que resulta en la omisi\u00f3n de las restricciones de edici\u00f3n para git revert al emplear las versiones de git inferiores a la 2.8.0. Esto se ha solucionado en 3.20161229." } ], "id": "CVE-2016-9645", "lastModified": "2024-11-21T03:01:34.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-10T22:29:00.243", "references": [ { "source": 
"security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#cve-2016-9645" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#cve-2016-9645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9645" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-13 15:29
Modified
2024-11-21 03:02
Severity ?
Summary
A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
References
▶ | URL | Tags | |
---|---|---|---|
security@debian.org | http://www.securityfocus.com/bid/95420 | Third Party Advisory, VDB Entry | |
security@debian.org | https://ikiwiki.info/security/#cve-2017-0356 | Vendor Advisory | |
security@debian.org | https://marc.info/?l=oss-security&m=148418234314276&w=2 | Exploit, Third Party Advisory | |
security@debian.org | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95420 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2017-0356 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148418234314276&w=2 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ikiwiki | ikiwiki | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D8DC37A-4530-4DCB-AD78-45C4D020D3BE", "versionEndExcluding": "3.20170111", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters." }, { "lang": "es", "value": "Existe un error similar a CVE-2016-9646 en ikiwiki, en versiones anteriores a la 3.20170111, en el uso del plugin passwordauth de CGI::FormBuilder. Esto permite que un atacante omita la autenticaci\u00f3n mediante par\u00e1metros repetidos." 
} ], "id": "CVE-2017-0356", "lastModified": "2024-11-21T03:02:49.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-13T15:29:00.273", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95420" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#cve-2017-0356" }, { "source": "security@debian.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://ikiwiki.info/security/#cve-2017-0356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3760" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-31 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "196439CC-B5BE-4016-B6CF-B8308002D61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "20FFAE6B-9EBD-461A-AF5C-BB00EA2A652F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C064545-5C87-4CC5-A9FA-379A9F4ED0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "729BA91F-625A-4734-814D-EADE78A42CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "025BA9CF-1F77-4BC1-A884-3E49B23BB668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3120790-F2E2-4780-8022-B88EB326C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "350315D5-C124-430D-BD7C-9EE5C3F4D957", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8CA658C7-2D79-4A8D-977E-D7F4640CEAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8892C63F-297A-4D7A-8F63-B15BAE578645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0E83FBBB-0837-41EE-A56A-C837FAE6394C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E14AF144-D023-4FF1-B6B6-FF3E74D61F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "2FDE3606-418B-4E76-97F8-655CE1679857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F6877A1-D793-48A7-9187-63EA568EC854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*", "matchCriteriaId": 
"739EB847-21B4-4728-9F38-3925893A37A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA1630A6-8578-4B0A-9F12-549EE0C42E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "15FE7BEB-A9E9-476A-ABDF-663A8F69BA7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E53E42-F691-4237-AAC1-A93E35EADD36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "6994F418-61A4-4CB5-94FA-C7DC7A31BBB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "11BC2505-E5EF-4CA4-B747-F74F20BFDCE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CDB27DC-1B2B-4893-AFC7-71535919567B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "18275BA3-A5D0-410B-9D90-B8DBDB486849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "06E20D04-ADEA-4773-843A-2D6BB0FC5591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*", "matchCriteriaId": "C76D329C-975F-4180-9102-2CAA24230C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "86A6C38C-6B71-4A83-B280-C1195D668DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "0AB24A6A-D1D2-4200-ACF6-93F20AA2CEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*", "matchCriteriaId": "3B998D73-576D-4942-A164-8898437815DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.45:*:*:*:*:*:*:*", 
"matchCriteriaId": "69FBED8F-C567-4366-97E7-E5CF6A9BC479", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.46:*:*:*:*:*:*:*", "matchCriteriaId": "01494227-D431-4F2B-8174-25A5C2CBC3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*", "matchCriteriaId": "C26EFAF6-5DE3-4562-A831-DE9CCD40B31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.48:*:*:*:*:*:*:*", "matchCriteriaId": "553F2BF0-0375-406F-9F6D-33E49543BC4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.49:*:*:*:*:*:*:*", "matchCriteriaId": "06FBD3B4-99E3-4ED5-A49F-8747C26962BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4888637D-EBA4-4DD3-9EE9-ABA9D26799AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F140A-2391-4663-B680-8E58FD315C4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.52:*:*:*:*:*:*:*", "matchCriteriaId": "29DF1E0B-250C-47C1-BC76-4F9EE90AB836", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.53:*:*:*:*:*:*:*", "matchCriteriaId": "82F41174-0E9C-4A09-BAEB-D75595181334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "02ADB4DC-4FA7-4696-BE15-4038AA7C8440", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "CCA76343-5D08-4E79-8E83-29799E8BF9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "110383CC-7DAB-4FC7-9898-92AF1CB76585", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.03:*:*:*:*:*:*:*", "matchCriteriaId": "CB47B7AD-40A2-466F-AF26-92DB4BF9EDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "4560DD73-D1A2-46D9-A3F7-BAC5A294B91B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:3.05:*:*:*:*:*:*:*", "matchCriteriaId": "E96286A8-66B5-4BB1-9458-2BD511FCF633", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "27D8EE30-BFBB-45C6-8B27-012E17CA3C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.07:*:*:*:*:*:*:*", "matchCriteriaId": "7374FCDB-55E7-48AC-8E38-51C20500BBE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.08:*:*:*:*:*:*:*", "matchCriteriaId": "03FA5A43-6317-4510-BC00-7BCF3DB4F502", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.09:*:*:*:*:*:*:*", "matchCriteriaId": "695759BE-8539-496A-AABD-2F56ACFDA0FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "0566B074-7F01-4482-8F26-F08EDD4F0B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "9A3D2C53-A15F-4FEF-A56B-A4A00C24DF39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8F89322-85B0-4C8B-AB60-4577FB914D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "5B55BCD8-E214-4C75-86F7-247ECBEAFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B19DCEDD-AC25-48F2-B0D9-F35C67AA3A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141:*:*:*:*:*:*:*", "matchCriteriaId": "9DDE6204-5CC9-4867-BD9E-9C999C1E6D6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415:*:*:*:*:*:*:*", "matchCriteriaId": "29453740-F182-4BD1-ADD8-BF3F37D2D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159:*:*:*:*:*:*:*", "matchCriteriaId": "A6FA5E6A-F504-43DC-8021-1BE35FB25269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141592:*:*:*:*:*:*:*", "matchCriteriaId": "4278165A-A50E-4B8D-BB7C-FF9582FD5FCC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415926:*:*:*:*:*:*:*", "matchCriteriaId": "0D3CC84E-2651-413A-A5EA-5F7B8FE52C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159265:*:*:*:*:*:*:*", "matchCriteriaId": "29520481-85F4-4A51-AF80-2F5043097985", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091009:*:*:*:*:*:*:*", "matchCriteriaId": "3DAC672C-049F-44F3-BBEB-145CA43A71A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091017:*:*:*:*:*:*:*", "matchCriteriaId": "9707D395-6C38-4AC4-9439-893F03EFB254", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091022:*:*:*:*:*:*:*", "matchCriteriaId": "036BB985-A056-4567-BE9D-C2A7E5BC7A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091023:*:*:*:*:*:*:*", "matchCriteriaId": "DFF27ADD-874F-41A5-A26C-CAA239E4DB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091031:*:*:*:*:*:*:*", "matchCriteriaId": "B31EC7C6-A717-406B-A1D0-9DB71D61F91C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091113:*:*:*:*:*:*:*", "matchCriteriaId": "8376C3F6-23D5-4190-B1C1-FC64E1E63BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091202:*:*:*:*:*:*:*", "matchCriteriaId": "5E355429-D88B-440C-AF37-70C68BDE5A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091218:*:*:*:*:*:*:*", "matchCriteriaId": "1BD3E355-A140-43E1-AEBA-EC2645EF5B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100102.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1DA17C-2992-4451-B3E0-589A0AF2DAE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100122:*:*:*:*:*:*:*", "matchCriteriaId": "1722DF6B-0C2D-41BB-9232-A91FAD0ADBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100212:*:*:*:*:*:*:*", "matchCriteriaId": "94D0B8FC-8367-4701-BB4D-1AEF4AA09DEB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:3.20100302:*:*:*:*:*:*:*", "matchCriteriaId": "49713406-54D0-48E9-A9C5-EE8934259B2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente htmlscrubber en ikiwiki 2.x en versiones anteriores a la 2.53.5 y 3.x en versiones anteriores a la 3.20100312 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una URI data:image/svg+xml manipulada." } ], "id": "CVE-2010-1195", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-03-31T18:00:00.733", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index36h2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38983" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39048" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2020" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index36h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0662" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-05 18:29
Modified
2024-11-21 04:51
Severity ?
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5820F84-9B21-40D2-815C-881BE8DABCE1", "versionEndExcluding": "3.20170111.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "B21D0888-267E-4FC9-B609-A988D73C1F0A", "versionEndExcluding": "3.20190226", "versionStartIncluding": "3.20190207", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*", "matchCriteriaId": "B95F227E-BF5E-4221-9D74-0A5B4B123CE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*", "matchCriteriaId": "602AC6B3-B133-4C14-B39F-78E5D26B939D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*", "matchCriteriaId": "2D298889-62C1-4C38-A175-140D051E1A09", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs." }, { "lang": "es", "value": "ikiwiki anterior a versi\u00f3n 3.20170111.1 y versi\u00f3n 3.2018x y versi\u00f3n 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto tambi\u00e9n incluye la lectura de archivos locales por medio de URIs file:." 
} ], "id": "CVE-2019-9187", "lastModified": "2024-11-21T04:51:10.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-05T18:29:01.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/news/" }, { "source": "cve@mitre.org", "url": "https://ikiwiki.info/news/version_3.20190228/" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/news/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ikiwiki.info/news/version_3.20190228/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 01:23
Severity ?
Summary
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://ikiwiki.info/security/#index38h2 | Third Party Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2011-0428 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index38h2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-0428 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FC641FA-8487-4289-8FD7-0C5E9914D99D", "versionEndExcluding": "3.20110122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en ikiwiki versiones anteriores a 3.20110122, podr\u00eda permitir a atacantes remotos insertar JavaScript arbitrario debido a una comprobaci\u00f3n insuficiente en los comentarios." } ], "id": "CVE-2011-0428", "lastModified": "2024-11-21T01:23:56.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-29T19:15:12.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "https://ikiwiki.info/security/#index38h2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ikiwiki.info/security/#index38h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ikiwiki | ikiwiki | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F8F89FC-3CF4-40DA-933B-4D0C3A1F2253", "versionEndIncluding": "3.20160121", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la funci\u00f3n cgierror en CGI.pm en ikiwiki en versiones anteriores a 3.20160506 podr\u00eda permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados que implican un mensaje de error." 
} ], "id": "CVE-2016-4561", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-10T19:59:04.307", "references": [ { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index43h2" }, { "source": "security@debian.org", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" }, { "source": "security@debian.org", "url": "http://www.debian.org/security/2016/dsa-3571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://ikiwiki.info/security/#index43h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3571" } ], "sourceIdentifier": 
"security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-21 20:15
Modified
2024-11-21 02:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ikiwiki | ikiwiki | * | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7637F73-A417-4C09-B373-422C1EB21C8D", "versionEndExcluding": "3.20150329", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo templates/openid-selector.tmpl en ikiwiki versiones anteriores a 3.20150329, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro openid_identifier en una acci\u00f3n de comprobaci\u00f3n para el archivo ikiwiki.cgi." 
} ], "id": "CVE-2015-2793", "lastModified": "2024-11-21T02:28:05.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-21T20:15:15.553", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/03/30/5" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/03/31/1" }, { 
"source": "security@debian.org", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210" }, { "source": "security@debian.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/03/30/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/03/31/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1207210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-11 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA4F2F39-7F9A-4911-A07C-813062FF70BE", "versionEndIncluding": "3.20110321", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3C317DF-5E2F-4186-B4D3-DAEBB222BA15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "98D271F8-2CF0-4C15-83B0-38BD7612D960", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.1.47:*:*:*:*:*:*:*", "matchCriteriaId": "E069D0ED-DD88-4474-8AB0-D5E0BEE2303B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A940B76-8885-4092-A3A8-99A748ECE9FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EFCE714-55B2-4FC2-984D-EC41CC209156", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9E6B0AD-190C-48EE-8F66-03583E39A127", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "71E2F2DF-4338-4DF6-8C9B-13E71EA11B88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "15377D2C-6FA4-4057-8443-AE9F6D4101EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0012769F-6027-4A42-91DF-FB0B62B25E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "843FB602-C8F8-4EA4-A341-3D76A57A9545", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3752D073-526E-4B53-B9EA-8F4A1C59606B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "ABBF2ADB-E8F2-4B4A-89F2-34F91F2700AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "F7B5209B-2409-434A-B67B-588602E7A160", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "EB4254EA-4A58-4AC8-A7BC-C7A5DD3D4F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "A9912B3C-AF89-4A2A-BF8C-A719DD4DB506", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "95CEA805-A659-4921-9350-467D1164145A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "EEA94530-A13D-48AF-894F-7A8239456BE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "D5F96621-2455-4BC2-A89B-BB412B7236B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "878E79C1-CB92-4B8D-9ED6-6C2B52C938F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "94F57A2D-435D-47FC-8E64-C90E0312E0B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "54415C86-D928-4545-8F54-AAB83DAE85C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "A3833230-F622-447E-940E-FF2AF4E321F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "84AA46D5-131B-4A41-81B4-F5F62C7AAFE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "585DBF81-A229-4942-B93C-FCE7BFABB059", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.23:*:*:*:*:*:*:*", "matchCriteriaId": "08EE472F-08C8-4000-8BEE-A96A8A036227", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "29C1006E-A657-407C-99CF-8FEEAC09540F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "E3178EFC-F754-40DC-B967-7D1EC5E42205", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "4B9AA87F-7DBA-4D9F-B6FA-FD83B9AB6E6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.27:*:*:*:*:*:*:*", "matchCriteriaId": "86749A9B-C23A-491C-87C7-ED1082245443", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "CE009D83-DB00-4075-A009-349D718F2DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.29:*:*:*:*:*:*:*", "matchCriteriaId": "BE64BA69-57F3-4B44-A00D-8526FEEE19BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "107B6B9D-3C7C-464E-996D-C64D68F2AF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "50FDA211-B8EC-4305-9BE1-271E934E0A59", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "BECDB561-DE97-463F-B253-61ABD33CD0A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.33.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDC5DFC4-DA1B-49B7-AFD5-57977D75FED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "23C20D44-6C00-4443-9803-DDA2502B3397", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7113F05-8351-4A80-B161-993367E6789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AF3D536-A6A2-419A-8D62-04DC0A2E7501", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "65D4943C-A9D3-4918-90A2-3F8FF9CE38B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.36:*:*:*:*:*:*:*", "matchCriteriaId": "ADF46EE7-B811-414F-A08E-D4E21D7EE4F7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.37:*:*:*:*:*:*:*", "matchCriteriaId": "1229F63D-D1AA-4C96-999E-12B7AA162034", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "369A8C2E-31CB-4B55-A695-7BE0767F2C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.39:*:*:*:*:*:*:*", "matchCriteriaId": "67065260-88DD-42AE-8A26-03A9034B15F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "874B99CA-6284-4488-A90B-5666B95CAD5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "B176C826-1DAC-4ED3-9EF0-650140BF2BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "9B2C6C5B-5605-4570-87B9-F1C96F3A6A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "560AD3F1-B825-4366-B813-8EC5C17EC130", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "907C38BF-0AF3-4C79-97C5-E6F2D96A95C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "80B09A6E-0455-4F70-8098-A97604F20908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "843B6F62-9667-4CD6-84F4-503474198AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "416AEE64-BD36-4C85-BD22-6E711DD62194", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "899105EF-0843-4324-B871-8137B30BCE1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "4671EE3F-B495-4858-B8BF-597A2A763EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "70A360C7-76C3-4B69-9BBD-E9932AED6280", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B2A2B1B-195C-431F-B504-94116BC292B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "196439CC-B5BE-4016-B6CF-B8308002D61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "0AE568DE-413C-4EF7-96C6-AF2D47EB36BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "20FFAE6B-9EBD-461A-AF5C-BB00EA2A652F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C064545-5C87-4CC5-A9FA-379A9F4ED0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "729BA91F-625A-4734-814D-EADE78A42CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "025BA9CF-1F77-4BC1-A884-3E49B23BB668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3120790-F2E2-4780-8022-B88EB326C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF180F3A-2B55-4555-9A3B-D8C12CB52CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF68A8E1-96D7-49A5-B844-9FE7A0FE9631", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1152479-FAAA-4AF5-85A8-9454C48CE087", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4490706B-50FF-4126-8EB8-4F4AFDE5B2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "70DD7148-E3ED-4726-A7B7-E4DEB6978DAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "350315D5-C124-430D-BD7C-9EE5C3F4D957", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8CA658C7-2D79-4A8D-977E-D7F4640CEAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8892C63F-297A-4D7A-8F63-B15BAE578645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0E83FBBB-0837-41EE-A56A-C837FAE6394C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E14AF144-D023-4FF1-B6B6-FF3E74D61F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "2FDE3606-418B-4E76-97F8-655CE1679857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F6877A1-D793-48A7-9187-63EA568EC854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "739EB847-21B4-4728-9F38-3925893A37A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA1630A6-8578-4B0A-9F12-549EE0C42E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "15FE7BEB-A9E9-476A-ABDF-663A8F69BA7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E53E42-F691-4237-AAC1-A93E35EADD36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "6994F418-61A4-4CB5-94FA-C7DC7A31BBB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "11BC2505-E5EF-4CA4-B747-F74F20BFDCE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CDB27DC-1B2B-4893-AFC7-71535919567B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "18275BA3-A5D0-410B-9D90-B8DBDB486849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "06E20D04-ADEA-4773-843A-2D6BB0FC5591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*", "matchCriteriaId": "C76D329C-975F-4180-9102-2CAA24230C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "86A6C38C-6B71-4A83-B280-C1195D668DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "0AB24A6A-D1D2-4200-ACF6-93F20AA2CEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*", "matchCriteriaId": "3B998D73-576D-4942-A164-8898437815DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.45:*:*:*:*:*:*:*", "matchCriteriaId": "69FBED8F-C567-4366-97E7-E5CF6A9BC479", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.46:*:*:*:*:*:*:*", "matchCriteriaId": "01494227-D431-4F2B-8174-25A5C2CBC3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*", "matchCriteriaId": "C26EFAF6-5DE3-4562-A831-DE9CCD40B31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.48:*:*:*:*:*:*:*", "matchCriteriaId": "553F2BF0-0375-406F-9F6D-33E49543BC4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.49:*:*:*:*:*:*:*", "matchCriteriaId": "06FBD3B4-99E3-4ED5-A49F-8747C26962BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4888637D-EBA4-4DD3-9EE9-ABA9D26799AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F140A-2391-4663-B680-8E58FD315C4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.52:*:*:*:*:*:*:*", "matchCriteriaId": "29DF1E0B-250C-47C1-BC76-4F9EE90AB836", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.53:*:*:*:*:*:*:*", "matchCriteriaId": "82F41174-0E9C-4A09-BAEB-D75595181334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.54:*:*:*:*:*:*:*", "matchCriteriaId": "744A8DB6-3FD4-4891-B623-6E4AE0518867", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.55:*:*:*:*:*:*:*", "matchCriteriaId": "90056C13-CF77-4BE1-A9CE-C8811ABA29C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.56:*:*:*:*:*:*:*", "matchCriteriaId": "E013025D-F390-4206-8BE6-42F5F6DBCDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.60:*:*:*:*:*:*:*", "matchCriteriaId": "1C334708-7565-4E30-BEC5-75CB91B13645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.61:*:*:*:*:*:*:*", "matchCriteriaId": "C2E0BDA8-8EBE-4D8F-B65E-6D22C89A7F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62:*:*:*:*:*:*:*", "matchCriteriaId": "502FAEEA-7E31-49A2-9F1B-79CB5D7A094B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62.1:*:*:*:*:*:*:*", "matchCriteriaId": "325CDDEF-2C66-4B9B-9B70-B4FA5D619F33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.63:*:*:*:*:*:*:*", "matchCriteriaId": "E0B7CA1D-C4CA-45CD-B6AB-48E3CA289714", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.64:*:*:*:*:*:*:*", "matchCriteriaId": "E3BC2691-C9B1-46C1-A3DD-D232BEB25B2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.65:*:*:*:*:*:*:*", "matchCriteriaId": "8CE00B3B-220C-4FD0-83FC-CB235E2C91D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.66:*:*:*:*:*:*:*", "matchCriteriaId": "984B8C95-0B58-4585-9EC8-393563DA7851", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.67:*:*:*:*:*:*:*", "matchCriteriaId": "3261F3F5-BBAC-407A-BD0B-159F295D6B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.68:*:*:*:*:*:*:*", "matchCriteriaId": 
"C5FFEB95-74D2-4EF9-9816-279546590319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.69:*:*:*:*:*:*:*", "matchCriteriaId": "EA175F1E-3D1F-42B1-9FA5-66187EB89670", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.70:*:*:*:*:*:*:*", "matchCriteriaId": "4D6EA187-821B-4673-9581-FD1A877E6CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.71:*:*:*:*:*:*:*", "matchCriteriaId": "EAE832BA-23B5-4D10-866D-10EB86217795", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.72:*:*:*:*:*:*:*", "matchCriteriaId": "EA08E303-A084-4CAF-AA7D-39E3289B6514", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF7F5FD-27CB-4E7E-AF50-EAAB20DAD289", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "02ADB4DC-4FA7-4696-BE15-4038AA7C8440", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "CCA76343-5D08-4E79-8E83-29799E8BF9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "110383CC-7DAB-4FC7-9898-92AF1CB76585", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.03:*:*:*:*:*:*:*", "matchCriteriaId": "CB47B7AD-40A2-466F-AF26-92DB4BF9EDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "4560DD73-D1A2-46D9-A3F7-BAC5A294B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.05:*:*:*:*:*:*:*", "matchCriteriaId": "E96286A8-66B5-4BB1-9458-2BD511FCF633", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "27D8EE30-BFBB-45C6-8B27-012E17CA3C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.07:*:*:*:*:*:*:*", "matchCriteriaId": "7374FCDB-55E7-48AC-8E38-51C20500BBE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.08:*:*:*:*:*:*:*", 
"matchCriteriaId": "03FA5A43-6317-4510-BC00-7BCF3DB4F502", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.09:*:*:*:*:*:*:*", "matchCriteriaId": "695759BE-8539-496A-AABD-2F56ACFDA0FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "0566B074-7F01-4482-8F26-F08EDD4F0B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "9A3D2C53-A15F-4FEF-A56B-A4A00C24DF39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8F89322-85B0-4C8B-AB60-4577FB914D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "5B55BCD8-E214-4C75-86F7-247ECBEAFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B19DCEDD-AC25-48F2-B0D9-F35C67AA3A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141:*:*:*:*:*:*:*", "matchCriteriaId": "9DDE6204-5CC9-4867-BD9E-9C999C1E6D6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415:*:*:*:*:*:*:*", "matchCriteriaId": "29453740-F182-4BD1-ADD8-BF3F37D2D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159:*:*:*:*:*:*:*", "matchCriteriaId": "A6FA5E6A-F504-43DC-8021-1BE35FB25269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141592:*:*:*:*:*:*:*", "matchCriteriaId": "4278165A-A50E-4B8D-BB7C-FF9582FD5FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415926:*:*:*:*:*:*:*", "matchCriteriaId": "0D3CC84E-2651-413A-A5EA-5F7B8FE52C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159265:*:*:*:*:*:*:*", "matchCriteriaId": "29520481-85F4-4A51-AF80-2F5043097985", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091009:*:*:*:*:*:*:*", "matchCriteriaId": "3DAC672C-049F-44F3-BBEB-145CA43A71A0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:3.20091017:*:*:*:*:*:*:*", "matchCriteriaId": "9707D395-6C38-4AC4-9439-893F03EFB254", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091022:*:*:*:*:*:*:*", "matchCriteriaId": "036BB985-A056-4567-BE9D-C2A7E5BC7A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091023:*:*:*:*:*:*:*", "matchCriteriaId": "DFF27ADD-874F-41A5-A26C-CAA239E4DB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091031:*:*:*:*:*:*:*", "matchCriteriaId": "B31EC7C6-A717-406B-A1D0-9DB71D61F91C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091113:*:*:*:*:*:*:*", "matchCriteriaId": "8376C3F6-23D5-4190-B1C1-FC64E1E63BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091202:*:*:*:*:*:*:*", "matchCriteriaId": "5E355429-D88B-440C-AF37-70C68BDE5A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091218:*:*:*:*:*:*:*", "matchCriteriaId": "1BD3E355-A140-43E1-AEBA-EC2645EF5B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100102.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1DA17C-2992-4451-B3E0-589A0AF2DAE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100122:*:*:*:*:*:*:*", "matchCriteriaId": "1722DF6B-0C2D-41BB-9232-A91FAD0ADBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100212:*:*:*:*:*:*:*", "matchCriteriaId": "94D0B8FC-8367-4701-BB4D-1AEF4AA09DEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100302:*:*:*:*:*:*:*", "matchCriteriaId": "49713406-54D0-48E9-A9C5-EE8934259B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100312:*:*:*:*:*:*:*", "matchCriteriaId": "EA0FF220-15F9-4341-B39C-6CD7D5C19882", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100403:*:*:*:*:*:*:*", "matchCriteriaId": "536F11DE-6574-454A-9AB9-747943AE7DA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100427:*:*:*:*:*:*:*", 
"matchCriteriaId": "8CDED23A-A80E-4818-999B-1619EE181AFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100501:*:*:*:*:*:*:*", "matchCriteriaId": "92C4AE8A-E14C-442E-8987-CF464370DE17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100504:*:*:*:*:*:*:*", "matchCriteriaId": "66A606FB-338C-42C8-8EF4-0F03793E5544", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100515:*:*:*:*:*:*:*", "matchCriteriaId": "9EF333FF-6E4E-4685-8A76-4C6A5EF75E6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100518:*:*:*:*:*:*:*", "matchCriteriaId": "16AF8262-EC8F-44EF-8247-463A51D81C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100518.2:*:*:*:*:*:*:*", "matchCriteriaId": "79639BA7-9CF5-44F6-AFBF-B9772947001F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100610:*:*:*:*:*:*:*", "matchCriteriaId": "613E0043-9F2A-47AA-81F3-63EAF4A012DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100623:*:*:*:*:*:*:*", "matchCriteriaId": "C5C2D744-2745-4887-A12B-A98FAF2C8282", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100722:*:*:*:*:*:*:*", "matchCriteriaId": "481FAFAA-1032-4775-924B-D1516CD2F432", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100804:*:*:*:*:*:*:*", "matchCriteriaId": "30F27AF8-7EF2-44F4-842D-A1E255EE7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100815:*:*:*:*:*:*:*", "matchCriteriaId": "DECA2DE1-0DD1-4783-B749-3AD5EE0A2CD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100831:*:*:*:*:*:*:*", "matchCriteriaId": "23E992A5-ECD0-4B07-AC2B-9D856B452ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100926:*:*:*:*:*:*:*", "matchCriteriaId": "282DFBB4-68FB-4344-9CCF-0FD0B490DE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101019:*:*:*:*:*:*:*", "matchCriteriaId": "1AB49AE8-9684-4286-8E30-91DAC09C66A3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101023:*:*:*:*:*:*:*", "matchCriteriaId": "2A79658A-9327-4EB3-99C4-12F25CC4910A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101112:*:*:*:*:*:*:*", "matchCriteriaId": "D7FACD96-0703-4F99-90B1-F432BDD30D35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101129:*:*:*:*:*:*:*", "matchCriteriaId": "1F010680-6ACC-482A-9150-28A51071DCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101201:*:*:*:*:*:*:*", "matchCriteriaId": "A0B4EFBD-959E-4F46-821B-45BCBA040D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101231:*:*:*:*:*:*:*", "matchCriteriaId": "2BB6B5A0-CF84-4A09-B77B-0B1B20442E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110105:*:*:*:*:*:*:*", "matchCriteriaId": "5B212CCA-12BF-4F87-AF6C-C591EC9B7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110123:*:*:*:*:*:*:*", "matchCriteriaId": "FBC049F6-9C1C-40E0-8AE7-2608A93F073F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110124:*:*:*:*:*:*:*", "matchCriteriaId": "8959E436-7C12-4A7A-BED9-FD66A6011F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110225:*:*:*:*:*:*:*", "matchCriteriaId": "C0411D2D-098D-47B8-B0E4-D94AF92AD334", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet." 
}, { "lang": "es", "value": "ikiwiki anterior a v3.20110328 no establece si el plugin htmlscrubber est\u00e1 habilitado durante el proceso de la directiva \"meta stylesheet\", lo que permite a usuarios autenticados de forma remota conducir un ataque de vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de hojas de estilo en cascada (CSS) manipuladas en (1) la hoja de estilo por defecto o (2) en una hoja de estilo alternativa." } ], "id": "CVE-2011-1401", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-11T18:55:03.710", "references": [ { "source": "cve@mitre.org", "url": "http://ikiwiki.info/security/#index39h2" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44079" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44137" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2214" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47285" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0907" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/security/#index39h2" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1005" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-06-03 15:32
Modified
2025-04-09 00:30
Severity ?
Summary
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and log in to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "71E2F2DF-4338-4DF6-8C9B-13E71EA11B88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "23C20D44-6C00-4443-9803-DDA2502B3397", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7113F05-8351-4A80-B161-993367E6789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AF3D536-A6A2-419A-8D62-04DC0A2E7501", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "65D4943C-A9D3-4918-90A2-3F8FF9CE38B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.36:*:*:*:*:*:*:*", "matchCriteriaId": "ADF46EE7-B811-414F-A08E-D4E21D7EE4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.37:*:*:*:*:*:*:*", "matchCriteriaId": "1229F63D-D1AA-4C96-999E-12B7AA162034", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "369A8C2E-31CB-4B55-A695-7BE0767F2C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.39:*:*:*:*:*:*:*", "matchCriteriaId": "67065260-88DD-42AE-8A26-03A9034B15F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "874B99CA-6284-4488-A90B-5666B95CAD5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "B176C826-1DAC-4ED3-9EF0-650140BF2BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "9B2C6C5B-5605-4570-87B9-F1C96F3A6A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "560AD3F1-B825-4366-B813-8EC5C17EC130", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.44:*:*:*:*:*:*:*", "matchCriteriaId": 
"907C38BF-0AF3-4C79-97C5-E6F2D96A95C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "80B09A6E-0455-4F70-8098-A97604F20908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "843B6F62-9667-4CD6-84F4-503474198AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "416AEE64-BD36-4C85-BD22-6E711DD62194", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "899105EF-0843-4324-B871-8137B30BCE1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "4671EE3F-B495-4858-B8BF-597A2A763EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B2A2B1B-195C-431F-B504-94116BC292B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "196439CC-B5BE-4016-B6CF-B8308002D61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "20FFAE6B-9EBD-461A-AF5C-BB00EA2A652F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C064545-5C87-4CC5-A9FA-379A9F4ED0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "729BA91F-625A-4734-814D-EADE78A42CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "025BA9CF-1F77-4BC1-A884-3E49B23BB668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3120790-F2E2-4780-8022-B88EB326C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF180F3A-2B55-4555-9A3B-D8C12CB52CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"E1152479-FAAA-4AF5-85A8-9454C48CE087", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4490706B-50FF-4126-8EB8-4F4AFDE5B2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "70DD7148-E3ED-4726-A7B7-E4DEB6978DAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "350315D5-C124-430D-BD7C-9EE5C3F4D957", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8CA658C7-2D79-4A8D-977E-D7F4640CEAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8892C63F-297A-4D7A-8F63-B15BAE578645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0E83FBBB-0837-41EE-A56A-C837FAE6394C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E14AF144-D023-4FF1-B6B6-FF3E74D61F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "2FDE3606-418B-4E76-97F8-655CE1679857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F6877A1-D793-48A7-9187-63EA568EC854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "739EB847-21B4-4728-9F38-3925893A37A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA1630A6-8578-4B0A-9F12-549EE0C42E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "15FE7BEB-A9E9-476A-ABDF-663A8F69BA7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E53E42-F691-4237-AAC1-A93E35EADD36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*", "matchCriteriaId": 
"6994F418-61A4-4CB5-94FA-C7DC7A31BBB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "11BC2505-E5EF-4CA4-B747-F74F20BFDCE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CDB27DC-1B2B-4893-AFC7-71535919567B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "18275BA3-A5D0-410B-9D90-B8DBDB486849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "06E20D04-ADEA-4773-843A-2D6BB0FC5591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*", "matchCriteriaId": "C76D329C-975F-4180-9102-2CAA24230C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "86A6C38C-6B71-4A83-B280-C1195D668DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "0AB24A6A-D1D2-4200-ACF6-93F20AA2CEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*", "matchCriteriaId": "3B998D73-576D-4942-A164-8898437815DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*", "matchCriteriaId": "C26EFAF6-5DE3-4562-A831-DE9CCD40B31E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence." 
}, { "lang": "es", "value": "Plugin/passwordauth.pm (tambi\u00e9n conocido como plugin passwordauth) en ikiwiki versiones de la 1.34 hasta la 2.47, permite a atacantes remotos saltarse la autenticaci\u00f3n y login de cualquier cuenta en la que se configura una identidad OpenID y no se configura una contrase\u00f1a, especificando una contrase\u00f1a vac\u00eda durante la secuencia de login." } ], "id": "CVE-2008-0169", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-06-03T15:32:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770" }, { "source": "cve@mitre.org", "url": "http://ikiwiki.info/news/version_2.48/index.html" }, { "source": "cve@mitre.org", "url": "http://ikiwiki.info/security/#index33h2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30468" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/05/31/3" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29479" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1710" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/news/version_2.48/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/security/#index33h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/05/31/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42798" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-29 20:15
Modified
2024-11-21 01:26
Severity: MEDIUM (CVSS v2 base score 6.4); HIGH (CVSS v3.1 base score 8.2)
Summary
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://ikiwiki.info/security/#index40h2 | Third Party Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2011-1408 | Third Party Advisory | |
cve@mitre.org | https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098 | Third Party Advisory | |
cve@mitre.org | https://www.tenable.com/plugins/nessus/55157 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index40h2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-1408 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/plugins/nessus/55157 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ikiwiki | ikiwiki | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "66A1C117-1CF4-4D9F-B19C-CCD95077E6C8", "versionEndExcluding": "3.20110608", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks." }, { "lang": "es", "value": "ikiwiki versiones anteriores a 3.20110608, permite a atacantes remotos secuestrar tty de root y ejecutar ataques de tipo symlink." 
} ], "id": "CVE-2011-1408", "lastModified": "2024-11-21T01:26:14.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-29T20:15:10.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://ikiwiki.info/security/#index40h2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1408" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/plugins/nessus/55157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ikiwiki.info/security/#index40h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1408" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/plugins/nessus/55157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-30 23:15
Modified
2024-11-21 01:14
Severity: MEDIUM (CVSS v2 base score 4.3); MEDIUM (CVSS v3.1 base score 6.1)
Summary
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://ikiwiki.info/security/#index37h2 | Vendor Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-1673 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index37h2 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-1673 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1482113C-43F0-49BF-BE54-BF18EBE2EC26", "versionEndExcluding": "3.20101112", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en ikiwiki versiones anteriores a 3.20101112, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un comentario." } ], "id": "CVE-2010-1673", "lastModified": "2024-11-21T01:14:57.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-30T23:15:10.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://ikiwiki.info/security/#index37h2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-1673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#index37h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-1673" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-13 15:29
Modified
2024-11-21 03:01
Severity: MEDIUM (CVSS v2 base score 5.0); MEDIUM (CVSS v3.0 base score 5.3)
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
References
Source | URL | Tags | |
---|---|---|---|
security@debian.org | https://ikiwiki.info/security/#cve-2016-9646 | Vendor Advisory | |
security@debian.org | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
security@debian.org | https://security-tracker.debian.org/tracker/CVE-2016-9646 | Issue Tracking, Third Party Advisory | |
security@debian.org | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2016-9646 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2016-9646 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ikiwiki | ikiwiki | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D184243F-E174-4371-ABAE-460777B3CE19", "versionEndExcluding": "3.20161229", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery." }, { "lang": "es", "value": "ikiwiki, en versiones anteriores a la 3.20161229, llam\u00f3 incorrectamente al m\u00e9todo CGI::FormBuilder-\u003efield (similar a la API CGI-\u003eparam que desemboc\u00f3 en el CVE-2014-1572 de Bugzilla), que puede aprovecharse para falsificar metadatos del commit." 
} ], "id": "CVE-2016-9646", "lastModified": "2024-11-21T03:01:34.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-13T15:29:00.210", "references": [ { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#cve-2016-9646" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://ikiwiki.info/security/#cve-2016-9646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3760" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-05-29 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "B63CA5F2-B5F3-41CF-BF79-AB02542E8358", "versionEndIncluding": "3.20120419", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3C317DF-5E2F-4186-B4D3-DAEBB222BA15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "98D271F8-2CF0-4C15-83B0-38BD7612D960", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.1.47:*:*:*:*:*:*:*", "matchCriteriaId": "E069D0ED-DD88-4474-8AB0-D5E0BEE2303B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A940B76-8885-4092-A3A8-99A748ECE9FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EFCE714-55B2-4FC2-984D-EC41CC209156", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9E6B0AD-190C-48EE-8F66-03583E39A127", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "71E2F2DF-4338-4DF6-8C9B-13E71EA11B88", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "15377D2C-6FA4-4057-8443-AE9F6D4101EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0012769F-6027-4A42-91DF-FB0B62B25E03", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "843FB602-C8F8-4EA4-A341-3D76A57A9545", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "3752D073-526E-4B53-B9EA-8F4A1C59606B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "ABBF2ADB-E8F2-4B4A-89F2-34F91F2700AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "F7B5209B-2409-434A-B67B-588602E7A160", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "EB4254EA-4A58-4AC8-A7BC-C7A5DD3D4F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "A9912B3C-AF89-4A2A-BF8C-A719DD4DB506", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "95CEA805-A659-4921-9350-467D1164145A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "EEA94530-A13D-48AF-894F-7A8239456BE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "D5F96621-2455-4BC2-A89B-BB412B7236B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "878E79C1-CB92-4B8D-9ED6-6C2B52C938F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "94F57A2D-435D-47FC-8E64-C90E0312E0B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "54415C86-D928-4545-8F54-AAB83DAE85C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "A3833230-F622-447E-940E-FF2AF4E321F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "84AA46D5-131B-4A41-81B4-F5F62C7AAFE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "585DBF81-A229-4942-B93C-FCE7BFABB059", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.23:*:*:*:*:*:*:*", "matchCriteriaId": "08EE472F-08C8-4000-8BEE-A96A8A036227", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "29C1006E-A657-407C-99CF-8FEEAC09540F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "E3178EFC-F754-40DC-B967-7D1EC5E42205", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "4B9AA87F-7DBA-4D9F-B6FA-FD83B9AB6E6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.27:*:*:*:*:*:*:*", "matchCriteriaId": "86749A9B-C23A-491C-87C7-ED1082245443", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "CE009D83-DB00-4075-A009-349D718F2DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.29:*:*:*:*:*:*:*", "matchCriteriaId": "BE64BA69-57F3-4B44-A00D-8526FEEE19BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "107B6B9D-3C7C-464E-996D-C64D68F2AF32", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "50FDA211-B8EC-4305-9BE1-271E934E0A59", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "BECDB561-DE97-463F-B253-61ABD33CD0A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.33.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDC5DFC4-DA1B-49B7-AFD5-57977D75FED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "23C20D44-6C00-4443-9803-DDA2502B3397", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7113F05-8351-4A80-B161-993367E6789E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AF3D536-A6A2-419A-8D62-04DC0A2E7501", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "65D4943C-A9D3-4918-90A2-3F8FF9CE38B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.36:*:*:*:*:*:*:*", "matchCriteriaId": "ADF46EE7-B811-414F-A08E-D4E21D7EE4F7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.37:*:*:*:*:*:*:*", "matchCriteriaId": "1229F63D-D1AA-4C96-999E-12B7AA162034", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "369A8C2E-31CB-4B55-A695-7BE0767F2C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.39:*:*:*:*:*:*:*", "matchCriteriaId": "67065260-88DD-42AE-8A26-03A9034B15F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "874B99CA-6284-4488-A90B-5666B95CAD5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "B176C826-1DAC-4ED3-9EF0-650140BF2BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "9B2C6C5B-5605-4570-87B9-F1C96F3A6A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "560AD3F1-B825-4366-B813-8EC5C17EC130", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "907C38BF-0AF3-4C79-97C5-E6F2D96A95C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "80B09A6E-0455-4F70-8098-A97604F20908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "843B6F62-9667-4CD6-84F4-503474198AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "416AEE64-BD36-4C85-BD22-6E711DD62194", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "899105EF-0843-4324-B871-8137B30BCE1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "4671EE3F-B495-4858-B8BF-597A2A763EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.50:*:*:*:*:*:*:*", "matchCriteriaId": "70A360C7-76C3-4B69-9BBD-E9932AED6280", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B2A2B1B-195C-431F-B504-94116BC292B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "196439CC-B5BE-4016-B6CF-B8308002D61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "0AE568DE-413C-4EF7-96C6-AF2D47EB36BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "20FFAE6B-9EBD-461A-AF5C-BB00EA2A652F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C064545-5C87-4CC5-A9FA-379A9F4ED0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "729BA91F-625A-4734-814D-EADE78A42CEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "025BA9CF-1F77-4BC1-A884-3E49B23BB668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3120790-F2E2-4780-8022-B88EB326C8EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF180F3A-2B55-4555-9A3B-D8C12CB52CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF68A8E1-96D7-49A5-B844-9FE7A0FE9631", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1152479-FAAA-4AF5-85A8-9454C48CE087", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4490706B-50FF-4126-8EB8-4F4AFDE5B2D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "70DD7148-E3ED-4726-A7B7-E4DEB6978DAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "350315D5-C124-430D-BD7C-9EE5C3F4D957", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "8CA658C7-2D79-4A8D-977E-D7F4640CEAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8892C63F-297A-4D7A-8F63-B15BAE578645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0E83FBBB-0837-41EE-A56A-C837FAE6394C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E14AF144-D023-4FF1-B6B6-FF3E74D61F8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "2FDE3606-418B-4E76-97F8-655CE1679857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F6877A1-D793-48A7-9187-63EA568EC854", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "739EB847-21B4-4728-9F38-3925893A37A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "FA1630A6-8578-4B0A-9F12-549EE0C42E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "15FE7BEB-A9E9-476A-ABDF-663A8F69BA7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E53E42-F691-4237-AAC1-A93E35EADD36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "6994F418-61A4-4CB5-94FA-C7DC7A31BBB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "356A3B66-637B-4429-A201-EAB0A8FD9DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "11BC2505-E5EF-4CA4-B747-F74F20BFDCE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CDB27DC-1B2B-4893-AFC7-71535919567B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "18275BA3-A5D0-410B-9D90-B8DBDB486849", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "06E20D04-ADEA-4773-843A-2D6BB0FC5591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*", "matchCriteriaId": "C76D329C-975F-4180-9102-2CAA24230C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "86A6C38C-6B71-4A83-B280-C1195D668DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "0AB24A6A-D1D2-4200-ACF6-93F20AA2CEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*", "matchCriteriaId": "3B998D73-576D-4942-A164-8898437815DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.45:*:*:*:*:*:*:*", "matchCriteriaId": "69FBED8F-C567-4366-97E7-E5CF6A9BC479", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.46:*:*:*:*:*:*:*", "matchCriteriaId": "01494227-D431-4F2B-8174-25A5C2CBC3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*", "matchCriteriaId": "C26EFAF6-5DE3-4562-A831-DE9CCD40B31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.48:*:*:*:*:*:*:*", "matchCriteriaId": "553F2BF0-0375-406F-9F6D-33E49543BC4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.49:*:*:*:*:*:*:*", "matchCriteriaId": "06FBD3B4-99E3-4ED5-A49F-8747C26962BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4888637D-EBA4-4DD3-9EE9-ABA9D26799AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.51:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F140A-2391-4663-B680-8E58FD315C4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.52:*:*:*:*:*:*:*", "matchCriteriaId": "29DF1E0B-250C-47C1-BC76-4F9EE90AB836", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.53:*:*:*:*:*:*:*", "matchCriteriaId": "82F41174-0E9C-4A09-BAEB-D75595181334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.54:*:*:*:*:*:*:*", "matchCriteriaId": "744A8DB6-3FD4-4891-B623-6E4AE0518867", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.55:*:*:*:*:*:*:*", "matchCriteriaId": "90056C13-CF77-4BE1-A9CE-C8811ABA29C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.56:*:*:*:*:*:*:*", "matchCriteriaId": "E013025D-F390-4206-8BE6-42F5F6DBCDFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.60:*:*:*:*:*:*:*", "matchCriteriaId": "1C334708-7565-4E30-BEC5-75CB91B13645", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.61:*:*:*:*:*:*:*", "matchCriteriaId": "C2E0BDA8-8EBE-4D8F-B65E-6D22C89A7F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62:*:*:*:*:*:*:*", "matchCriteriaId": "502FAEEA-7E31-49A2-9F1B-79CB5D7A094B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.62.1:*:*:*:*:*:*:*", "matchCriteriaId": "325CDDEF-2C66-4B9B-9B70-B4FA5D619F33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.63:*:*:*:*:*:*:*", "matchCriteriaId": "E0B7CA1D-C4CA-45CD-B6AB-48E3CA289714", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.64:*:*:*:*:*:*:*", "matchCriteriaId": "E3BC2691-C9B1-46C1-A3DD-D232BEB25B2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.65:*:*:*:*:*:*:*", "matchCriteriaId": "8CE00B3B-220C-4FD0-83FC-CB235E2C91D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.66:*:*:*:*:*:*:*", "matchCriteriaId": "984B8C95-0B58-4585-9EC8-393563DA7851", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.67:*:*:*:*:*:*:*", "matchCriteriaId": "3261F3F5-BBAC-407A-BD0B-159F295D6B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.68:*:*:*:*:*:*:*", "matchCriteriaId": 
"C5FFEB95-74D2-4EF9-9816-279546590319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.69:*:*:*:*:*:*:*", "matchCriteriaId": "EA175F1E-3D1F-42B1-9FA5-66187EB89670", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.70:*:*:*:*:*:*:*", "matchCriteriaId": "4D6EA187-821B-4673-9581-FD1A877E6CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.71:*:*:*:*:*:*:*", "matchCriteriaId": "EAE832BA-23B5-4D10-866D-10EB86217795", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:2.72:*:*:*:*:*:*:*", "matchCriteriaId": "EA08E303-A084-4CAF-AA7D-39E3289B6514", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CF7F5FD-27CB-4E7E-AF50-EAAB20DAD289", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "02ADB4DC-4FA7-4696-BE15-4038AA7C8440", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "CCA76343-5D08-4E79-8E83-29799E8BF9C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "110383CC-7DAB-4FC7-9898-92AF1CB76585", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.03:*:*:*:*:*:*:*", "matchCriteriaId": "CB47B7AD-40A2-466F-AF26-92DB4BF9EDCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "4560DD73-D1A2-46D9-A3F7-BAC5A294B91B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.05:*:*:*:*:*:*:*", "matchCriteriaId": "E96286A8-66B5-4BB1-9458-2BD511FCF633", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "27D8EE30-BFBB-45C6-8B27-012E17CA3C48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.07:*:*:*:*:*:*:*", "matchCriteriaId": "7374FCDB-55E7-48AC-8E38-51C20500BBE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.08:*:*:*:*:*:*:*", 
"matchCriteriaId": "03FA5A43-6317-4510-BC00-7BCF3DB4F502", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.09:*:*:*:*:*:*:*", "matchCriteriaId": "695759BE-8539-496A-AABD-2F56ACFDA0FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "0566B074-7F01-4482-8F26-F08EDD4F0B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "9A3D2C53-A15F-4FEF-A56B-A4A00C24DF39", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8F89322-85B0-4C8B-AB60-4577FB914D4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "5B55BCD8-E214-4C75-86F7-247ECBEAFF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B19DCEDD-AC25-48F2-B0D9-F35C67AA3A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141:*:*:*:*:*:*:*", "matchCriteriaId": "9DDE6204-5CC9-4867-BD9E-9C999C1E6D6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415:*:*:*:*:*:*:*", "matchCriteriaId": "29453740-F182-4BD1-ADD8-BF3F37D2D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159:*:*:*:*:*:*:*", "matchCriteriaId": "A6FA5E6A-F504-43DC-8021-1BE35FB25269", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.141592:*:*:*:*:*:*:*", "matchCriteriaId": "4278165A-A50E-4B8D-BB7C-FF9582FD5FCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.1415926:*:*:*:*:*:*:*", "matchCriteriaId": "0D3CC84E-2651-413A-A5EA-5F7B8FE52C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.14159265:*:*:*:*:*:*:*", "matchCriteriaId": "29520481-85F4-4A51-AF80-2F5043097985", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091009:*:*:*:*:*:*:*", "matchCriteriaId": "3DAC672C-049F-44F3-BBEB-145CA43A71A0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ikiwiki:ikiwiki:3.20091017:*:*:*:*:*:*:*", "matchCriteriaId": "9707D395-6C38-4AC4-9439-893F03EFB254", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091022:*:*:*:*:*:*:*", "matchCriteriaId": "036BB985-A056-4567-BE9D-C2A7E5BC7A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091023:*:*:*:*:*:*:*", "matchCriteriaId": "DFF27ADD-874F-41A5-A26C-CAA239E4DB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091031:*:*:*:*:*:*:*", "matchCriteriaId": "B31EC7C6-A717-406B-A1D0-9DB71D61F91C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091113:*:*:*:*:*:*:*", "matchCriteriaId": "8376C3F6-23D5-4190-B1C1-FC64E1E63BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091202:*:*:*:*:*:*:*", "matchCriteriaId": "5E355429-D88B-440C-AF37-70C68BDE5A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20091218:*:*:*:*:*:*:*", "matchCriteriaId": "1BD3E355-A140-43E1-AEBA-EC2645EF5B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100102.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1DA17C-2992-4451-B3E0-589A0AF2DAE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100122:*:*:*:*:*:*:*", "matchCriteriaId": "1722DF6B-0C2D-41BB-9232-A91FAD0ADBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100212:*:*:*:*:*:*:*", "matchCriteriaId": "94D0B8FC-8367-4701-BB4D-1AEF4AA09DEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100302:*:*:*:*:*:*:*", "matchCriteriaId": "49713406-54D0-48E9-A9C5-EE8934259B2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100312:*:*:*:*:*:*:*", "matchCriteriaId": "EA0FF220-15F9-4341-B39C-6CD7D5C19882", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100403:*:*:*:*:*:*:*", "matchCriteriaId": "536F11DE-6574-454A-9AB9-747943AE7DA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100427:*:*:*:*:*:*:*", 
"matchCriteriaId": "8CDED23A-A80E-4818-999B-1619EE181AFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100501:*:*:*:*:*:*:*", "matchCriteriaId": "92C4AE8A-E14C-442E-8987-CF464370DE17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100504:*:*:*:*:*:*:*", "matchCriteriaId": "66A606FB-338C-42C8-8EF4-0F03793E5544", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100515:*:*:*:*:*:*:*", "matchCriteriaId": "9EF333FF-6E4E-4685-8A76-4C6A5EF75E6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100518:*:*:*:*:*:*:*", "matchCriteriaId": "16AF8262-EC8F-44EF-8247-463A51D81C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100518.2:*:*:*:*:*:*:*", "matchCriteriaId": "79639BA7-9CF5-44F6-AFBF-B9772947001F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100610:*:*:*:*:*:*:*", "matchCriteriaId": "613E0043-9F2A-47AA-81F3-63EAF4A012DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100623:*:*:*:*:*:*:*", "matchCriteriaId": "C5C2D744-2745-4887-A12B-A98FAF2C8282", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100722:*:*:*:*:*:*:*", "matchCriteriaId": "481FAFAA-1032-4775-924B-D1516CD2F432", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100804:*:*:*:*:*:*:*", "matchCriteriaId": "30F27AF8-7EF2-44F4-842D-A1E255EE7E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100815:*:*:*:*:*:*:*", "matchCriteriaId": "DECA2DE1-0DD1-4783-B749-3AD5EE0A2CD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100831:*:*:*:*:*:*:*", "matchCriteriaId": "23E992A5-ECD0-4B07-AC2B-9D856B452ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20100926:*:*:*:*:*:*:*", "matchCriteriaId": "282DFBB4-68FB-4344-9CCF-0FD0B490DE25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101019:*:*:*:*:*:*:*", "matchCriteriaId": "1AB49AE8-9684-4286-8E30-91DAC09C66A3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101023:*:*:*:*:*:*:*", "matchCriteriaId": "2A79658A-9327-4EB3-99C4-12F25CC4910A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101112:*:*:*:*:*:*:*", "matchCriteriaId": "D7FACD96-0703-4F99-90B1-F432BDD30D35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101129:*:*:*:*:*:*:*", "matchCriteriaId": "1F010680-6ACC-482A-9150-28A51071DCAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101201:*:*:*:*:*:*:*", "matchCriteriaId": "A0B4EFBD-959E-4F46-821B-45BCBA040D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20101231:*:*:*:*:*:*:*", "matchCriteriaId": "2BB6B5A0-CF84-4A09-B77B-0B1B20442E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110105:*:*:*:*:*:*:*", "matchCriteriaId": "5B212CCA-12BF-4F87-AF6C-C591EC9B7857", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110123:*:*:*:*:*:*:*", "matchCriteriaId": "FBC049F6-9C1C-40E0-8AE7-2608A93F073F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110124:*:*:*:*:*:*:*", "matchCriteriaId": "8959E436-7C12-4A7A-BED9-FD66A6011F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110225:*:*:*:*:*:*:*", "matchCriteriaId": "C0411D2D-098D-47B8-B0E4-D94AF92AD334", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20110321:*:*:*:*:*:*:*", "matchCriteriaId": "5466A58F-1FDE-4AD3-9B2A-1086DFFF8AB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20120115:*:*:*:*:*:*:*", "matchCriteriaId": "F958D89C-72B5-4BE7-8BDA-3C5A46CAE6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20120202:*:*:*:*:*:*:*", "matchCriteriaId": "3AFD7773-776D-4CC3-A2DC-091B9EA614B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20120203:*:*:*:*:*:*:*", "matchCriteriaId": "6973AF45-067D-418F-BA40-7EEC3C5AB555", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
} ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el plugin en Plugin/meta.pm en ikiwiki anterior a v3.20120516 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s (1) del par\u00e1metro author o (2) de la meta etiqueta authorurl.\r\n" } ], "id": "CVE-2012-0220", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-05-29T20:55:06.617", "references": [ { "source": "security@debian.org", "url": "http://ikiwiki.info/news/version_3.20120516/" }, { "source": "security@debian.org", "url": "http://osvdb.org/81995" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49199" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49232" }, { "source": "security@debian.org", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f" }, { "source": "security@debian.org", "url": "http://www.debian.org/security/2012/dsa-2474" }, { 
"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/53599" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/news/version_3.20120516/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75702" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-21 13:05
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB7C1FD-F2FF-4B1F-9B29-B5CE7A9BB32E", "versionEndIncluding": "2.41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Ikiwiki versiones anteriores a 2.42 permite a atacantes remotos modificar preferencias de usuarios, incluyendo contrase\u00f1as, a trav\u00e9s de los formularios (1) preferences y (2) edit." } ], "id": "CVE-2008-0165", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-21T13:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" }, { "source": "cve@mitre.org", "url": "http://ikiwiki.info/security/#index31h2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29907" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29932" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1553" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2008/1297/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ikiwiki.info/security/#index31h2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1297/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-0809 (GCVE-0-2008-0809)
Vulnerability from cvelistv5
Published
2008-02-19 00:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:39.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index27h2" }, { "name": "29369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29369" }, { "name": "28911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-03-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index27h2" }, { "name": "29369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29369" }, { "name": "28911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1523" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ikiwiki.info/security/#index27h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index27h2" }, { "name": "29369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29369" }, { "name": "28911", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1523" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0809", "datePublished": "2008-02-19T00:00:00", "dateReserved": "2008-02-18T00:00:00", "dateUpdated": "2024-08-07T08:01:39.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-10026 (GCVE-0-2016-10026)
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
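ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. The oss-security posting of 2016-12-29 listed in this record's references describes CVE-2016-9645 as an incomplete fix for CVE-2016-10026, so a deployment should be checked against that later identifier as well as this one.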
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#index46h2" }, { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3760" }, { "name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/21/3" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#index46h2" }, { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3760" }, { "name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/21/3" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/29/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/", "refsource": "CONFIRM", "url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/" }, { "name": "https://ikiwiki.info/security/#index46h2", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#index46h2" }, { "name": "DSA-3760", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3760" }, { "name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/21/3" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/29/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10026", "datePublished": "2017-02-13T18:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-06T03:07:31.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0220 (GCVE-0-2012-0220)
Vulnerability from cvelistv5
Published
2012-05-29 20:00
Modified
2024-08-06 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:19.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2474", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2474" }, { "name": "49199", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49199" }, { "name": "81995", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81995" }, { "name": "ikiwiki-unspecified-xss(75702)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75702" }, { "name": "53599", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53599" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/news/version_3.20120516/" }, { "name": "49232", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49232" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-2474", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2474" }, { "name": "49199", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49199" }, { "name": "81995", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81995" }, { "name": "ikiwiki-unspecified-xss(75702)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75702" }, { "name": "53599", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53599" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/news/version_3.20120516/" }, { "name": "49232", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49232" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2012-0220", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2474", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2474" }, { "name": "49199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49199" }, { "name": "81995", "refsource": "OSVDB", "url": "http://osvdb.org/81995" }, { "name": "ikiwiki-unspecified-xss(75702)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75702" }, { "name": "53599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53599" }, { "name": "http://ikiwiki.info/news/version_3.20120516/", "refsource": "CONFIRM", "url": "http://ikiwiki.info/news/version_3.20120516/" }, { "name": "49232", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49232" }, { "name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f", "refsource": "CONFIRM", "url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2012-0220", "datePublished": "2012-05-29T20:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:19.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2944 (GCVE-0-2009-2944)
Vulnerability from cvelistv5
Published
2009-08-31 20:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:07:37.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57575", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/57575" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index35h2" }, { "name": "36516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36516" }, { "name": "36539", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36539" }, { "name": "DSA-1875", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1875" }, { "name": "36181", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36181" }, { "name": "ADV-2009-2475", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2475" }, { "name": "ikiwiki-teximg-info-disclosure(52922)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57575", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/57575" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index35h2" }, { "name": "36516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36516" }, { "name": "36539", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36539" }, { "name": "DSA-1875", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1875" }, { "name": "36181", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36181" }, { "name": "ADV-2009-2475", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2475" }, { "name": "ikiwiki-teximg-info-disclosure(52922)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52922" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57575", "refsource": "OSVDB", "url": "http://osvdb.org/57575" }, { "name": "http://ikiwiki.info/security/#index35h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index35h2" }, { "name": "36516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36516" }, { "name": "36539", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36539" }, { "name": "DSA-1875", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1875" }, { "name": "36181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36181" }, { "name": "ADV-2009-2475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2475" }, { "name": "ikiwiki-teximg-info-disclosure(52922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52922" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2944", "datePublished": "2009-08-31T20:00:00", "dateReserved": "2009-08-23T00:00:00", "dateUpdated": "2024-08-07T06:07:37.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9646 (GCVE-0-2016-9646)
Vulnerability from cvelistv5
Published
2018-04-13 15:00
Modified
2024-09-16 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- commit metadata forgery
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:59:02.301Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#cve-2016-9646" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ikiwiki", "vendor": "ikiwiki", "versions": [ { "status": "affected", "version": "before 3.20161229" } ] } ], "datePublic": "2016-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery." 
} ], "problemTypes": [ { "descriptions": [ { "description": "commit metadata forgery", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-13T14:57:02", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#cve-2016-9646" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ], "source": { "advisory": "https://ikiwiki.info/security/#cve-2016-9646", "discovery": "UNKNOWN" }, "title": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2016-12-29T19:29:00.000Z", "ID": "CVE-2016-9646", "STATE": "PUBLIC", "TITLE": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ikiwiki", "version": { "version_data": [ { "version_value": "before 3.20161229" } ] } } ] }, "vendor_name": "ikiwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "commit metadata forgery" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3760", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3760" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2016-9646", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2016-9646" }, { "name": "https://ikiwiki.info/security/#cve-2016-9646", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#cve-2016-9646" }, { "name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)", "refsource": "MLIST", "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ] }, "source": { "advisory": "https://ikiwiki.info/security/#cve-2016-9646", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-9646", "datePublished": "2018-04-13T15:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T16:53:21.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0808 (GCVE-0-2008-0808)
Vulnerability from cvelistv5
Published
2008-02-19 00:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:38.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index30h2" }, { "name": "29369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29369" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110" }, { "name": "28911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-03-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index30h2" }, { "name": "29369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29369" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110" }, { "name": "28911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1523" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ikiwiki.info/security/#index30h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index30h2" }, { "name": "29369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29369" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110" }, { "name": "28911", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28911" }, { "name": "27760", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27760" }, { "name": "DSA-1523", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1523" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0808", "datePublished": "2008-02-19T00:00:00", "dateReserved": "2008-02-18T00:00:00", "dateUpdated": "2024-08-07T08:01:38.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0428 (GCVE-0-2011-0428)
Vulnerability from cvelistv5
Published
2019-10-29 17:28
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:08.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#index38h2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-29T17:28:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#index38h2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2011-0428", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-0428" }, { "name": "https://ikiwiki.info/security/#index38h2", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#index38h2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0428", "datePublished": "2019-10-29T17:28:37", "dateReserved": "2011-01-12T00:00:00", "dateUpdated": "2024-08-06T21:51:08.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-9187 (GCVE-0-2019-9187)
Vulnerability from cvelistv5
Published
2019-06-05 17:55
Modified
2024-08-04 21:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:38:46.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ikiwiki.info/news/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/news/version_3.20190228/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-17T19:49:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ikiwiki.info/news/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/news/version_3.20190228/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html" }, { "name": "https://ikiwiki.info/news/", "refsource": "MISC", "url": "https://ikiwiki.info/news/" }, { "name": "https://ikiwiki.info/news/version_3.20190228/", "refsource": "CONFIRM", "url": "https://ikiwiki.info/news/version_3.20190228/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9187", "datePublished": "2019-06-05T17:55:37", "dateReserved": "2019-02-26T00:00:00", "dateUpdated": "2024-08-04T21:38:46.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1195 (GCVE-0-2010-1195)
Vulnerability from cvelistv5
Published
2010-03-31 17:35
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2020", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2020" }, { "name": "38983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38983" }, { "name": "39048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39048" }, { "name": "ADV-2010-0662", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0662" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index36h2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-31T17:35:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2020", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2020" }, { "name": "38983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38983" }, { "name": "39048", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39048" }, { "name": "ADV-2010-0662", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0662" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index36h2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2020", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2020" }, { "name": "38983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38983" }, { "name": "39048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39048" }, { "name": "ADV-2010-0662", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0662" }, { "name": "http://ikiwiki.info/security/#index36h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index36h2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1195", "datePublished": "2010-03-31T17:35:00Z", "dateReserved": "2010-03-30T00:00:00Z", "dateUpdated": "2024-09-16T17:59:11.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1408 (GCVE-0-2011-1408)
Vulnerability from cvelistv5
Published
2019-10-29 19:51
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1408" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#index40h2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/plugins/nessus/55157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-29T19:51:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1408" }, { "tags": [ "x_refsource_MISC" ], "url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#index40h2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/plugins/nessus/55157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2011-1408", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-1408" }, { "name": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098" }, { "name": "https://ikiwiki.info/security/#index40h2", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#index40h2" }, { "name": "https://www.tenable.com/plugins/nessus/55157", "refsource": "MISC", "url": "https://www.tenable.com/plugins/nessus/55157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1408", "datePublished": "2019-10-29T19:51:39", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1673 (GCVE-0-2010-1673)
Vulnerability from cvelistv5
Published
2019-10-30 22:56
Modified
2024-08-07 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:35:53.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-1673" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#index37h2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-30T22:56:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-1673" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#index37h2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2010-1673", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-1673" }, { "name": "https://ikiwiki.info/security/#index37h2", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#index37h2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1673", "datePublished": "2019-10-30T22:56:21", "dateReserved": "2010-04-30T00:00:00", "dateUpdated": "2024-08-07T01:35:53.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9645 (GCVE-0-2016-9645)
Vulnerability from cvelistv5
Published
2018-04-10 22:00
Modified
2024-09-16 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- restriction bypass
Summary
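The fix for CVE-2016-10026 in ikiwiki was incomplete, resulting in an editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. Note that the structured affected-version field in the record below reads "3.20161229 and prior", which conflicts with this fix statement; check the referenced ikiwiki advisory before relying on either value for version matching.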
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:59:03.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9645" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ikiwiki.info/security/#cve-2016-9645" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ikiwiki", "vendor": "ikiwiki", "versions": [ { "status": "affected", "version": "3.20161229 and prior" } ] } ], "datePublic": "2016-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229." } ], "problemTypes": [ { "descriptions": [ { "description": "restriction bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-10T21:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-9645" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ikiwiki.info/security/#cve-2016-9645" }, { "tags": [ "x_refsource_MISC" ], "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ], "source": { "advisory": "https://ikiwiki.info/security/#cve-2016-9645", "discovery": "UNKNOWN" }, "title": "Editing restriction bypass for git revert", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2016-12-28T23:00:00.000Z", "ID": "CVE-2016-9645", "STATE": "PUBLIC", "TITLE": "Editing restriction bypass for git revert" }, "affects": { "vendor": { "vendor_data": [ { "product": 
{ "product_data": [ { "product_name": "ikiwiki", "version": { "version_data": [ { "version_value": "3.20161229 and prior" } ] } } ] }, "vendor_name": "ikiwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "restriction bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2016-9645", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2016-9645" }, { "name": "https://ikiwiki.info/security/#cve-2016-9645", "refsource": "MISC", "url": "https://ikiwiki.info/security/#cve-2016-9645" }, { "name": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2", "refsource": "MISC", "url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2" } ] }, "source": { "advisory": "https://ikiwiki.info/security/#cve-2016-9645", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-9645", "datePublished": "2018-04-10T22:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-16T17:03:23.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0165 (GCVE-0-2008-0165)
Vulnerability from cvelistv5
Published
2008-04-20 18:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1553" }, { "name": "29907", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29907" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" }, { "name": "29932", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29932" }, { "name": "ADV-2008-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1297/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index31h2" }, { "name": "ikiwiki-change-password-csrf(41904)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-1553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1553" }, { "name": "29907", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29907" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" }, { "name": "29932", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29932" }, { "name": "ADV-2008-1297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1297/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index31h2" }, { "name": "ikiwiki-change-password-csrf(41904)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-1553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1553" }, { "name": "29907", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29907" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445" }, { "name": "29932", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29932" }, { "name": "ADV-2008-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1297/references" }, { "name": "http://ikiwiki.info/security/#index31h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index31h2" }, { "name": "ikiwiki-change-password-csrf(41904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41904" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0165", "datePublished": "2008-04-20T18:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2024-08-07T07:39:34.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0169 (GCVE-0-2008-0169)
Vulnerability from cvelistv5
Published
2008-06-03 15:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and log in to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30468" }, { "name": "ADV-2008-1710", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1710" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770" }, { "name": "[oss-security] 20080531 Re: CVE id request: ikiwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/31/3" }, { "name": "ikiwiki-openid-passwordauth-auth-bypass(42798)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42798" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/news/version_2.48/index.html" }, { "name": "29479", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29479" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index33h2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30468" }, { "name": "ADV-2008-1710", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1710" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770" }, { "name": "[oss-security] 20080531 Re: CVE id request: ikiwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/05/31/3" }, { "name": "ikiwiki-openid-passwordauth-auth-bypass(42798)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42798" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/news/version_2.48/index.html" }, { "name": "29479", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29479" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index33h2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during 
the login sequence." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30468" }, { "name": "ADV-2008-1710", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1710" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770" }, { "name": "[oss-security] 20080531 Re: CVE id request: ikiwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/05/31/3" }, { "name": "ikiwiki-openid-passwordauth-auth-bypass(42798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42798" }, { "name": "http://ikiwiki.info/news/version_2.48/index.html", "refsource": "CONFIRM", "url": "http://ikiwiki.info/news/version_2.48/index.html" }, { "name": "29479", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29479" }, { "name": "http://ikiwiki.info/security/#index33h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index33h2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0169", "datePublished": "2008-06-03T15:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2024-08-07T07:39:34.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1401 (GCVE-0-2011-1401)
Vulnerability from cvelistv5
Published
2011-04-11 18:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2214", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2214" }, { "name": "ADV-2011-1005", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1005" }, { "name": "ADV-2011-0907", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0907" }, { "name": "44137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index39h2" }, { "name": "44079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44079" }, { "name": "47285", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47285" }, { "name": "FEDORA-2011-5249", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-28T00:00:00", "descriptions": [ { "lang": "en", "value": "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-04-21T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2214", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2214" }, { "name": "ADV-2011-1005", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1005" }, { "name": "ADV-2011-0907", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0907" }, { "name": "44137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index39h2" }, { "name": "44079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44079" }, { "name": "47285", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47285" }, { "name": "FEDORA-2011-5249", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets 
(CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2214", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2214" }, { "name": "ADV-2011-1005", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1005" }, { "name": "ADV-2011-0907", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0907" }, { "name": "44137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44137" }, { "name": "http://ikiwiki.info/security/#index39h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index39h2" }, { "name": "44079", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44079" }, { "name": "47285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47285" }, { "name": "FEDORA-2011-5249", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1401", "datePublished": "2011-04-11T18:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-2793 (GCVE-0-2015-2793)
Vulnerability from cvelistv5
Published
2019-11-21 19:48
Modified
2024-08-06 05:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:24:39.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/03/30/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/03/31/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ikiwiki", "vendor": "ikiwiki", "versions": [ { "status": "affected", "version": "before 3.20150329" } ] } ], "datePublic": "2015-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-21T19:48:14", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210" }, { "tags": [ "x_refsource_MISC" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/03/30/5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/03/31/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ikiwiki", "version": { "version_data": [ { "version_value": "before 3.20150329" } ] } } ] }, "vendor_name": "ikiwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify 
action to ikiwiki.cgi." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html" }, { "name": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/", "refsource": "MISC", "url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210" }, { "name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77", "refsource": "MISC", "url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483" }, { "name": "http://openwall.com/lists/oss-security/2015/03/30/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/03/30/5" }, { "name": "http://openwall.com/lists/oss-security/2015/03/31/1", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/03/31/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-2793", "datePublished": 
"2019-11-21T19:48:14", "dateReserved": "2015-03-30T00:00:00", "dateUpdated": "2024-08-06T05:24:39.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4561 (GCVE-0-2016-4561)
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" }, { "name": "DSA-3571", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3571" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ikiwiki.info/security/#index43h2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-05-10T18:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" }, { "name": "DSA-3571", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3571" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ikiwiki.info/security/#index43h2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-4561", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7", "refsource": "CONFIRM", "url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7" }, { "name": "DSA-3571", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3571" }, { "name": "http://ikiwiki.info/security/#index43h2", "refsource": "CONFIRM", "url": "http://ikiwiki.info/security/#index43h2" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-4561", "datePublished": "2016-05-10T19:00:00", "dateReserved": "2016-05-06T00:00:00", "dateUpdated": "2024-08-06T00:32:25.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-0356 (GCVE-0-2017-0356)
Vulnerability from cvelistv5
Published
2018-04-13 15:00
Modified
2024-09-17 02:51
CWE
- authentication bypass
Summary
A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:03:56.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://ikiwiki.info/security/#cve-2017-0356" }, { "name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2" }, { "name": "95420", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ikiwiki", "vendor": "ikiwiki", "versions": [ { "status": "affected", "version": "before 3.20170111" } ] } ], "datePublic": "2017-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "authentication bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-14T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-3760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3760" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://ikiwiki.info/security/#cve-2017-0356" }, { "name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2" }, { "name": "95420", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95420" } ], "source": { "advisory": "https://ikiwiki.info/security/#cve-2017-0356", "discovery": "UNKNOWN" }, "title": "Authentication bypass via repeated parameters", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2017-01-11T23:51:00.000Z", "ID": "CVE-2017-0356", "STATE": "PUBLIC", "TITLE": "Authentication bypass via repeated parameters" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ikiwiki", "version": { "version_data": [ { "version_value": "before 3.20170111" } ] } } ] }, "vendor_name": "ikiwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "authentication bypass" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3760", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3760" }, { "name": "https://ikiwiki.info/security/#cve-2017-0356", "refsource": "CONFIRM", "url": "https://ikiwiki.info/security/#cve-2017-0356" }, { "name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters", "refsource": "MLIST", "url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2" }, { "name": "95420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95420" } ] }, "source": { "advisory": "https://ikiwiki.info/security/#cve-2017-0356", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-0356", "datePublished": "2018-04-13T15:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T02:51:42.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }