CVE Tools

ikiwiki

Web & CMS Pluginsoss-project

12

Cumulative CVEs

9

Monthly snapshots

#65

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting ikiwiki.

CVE-2015-2793Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier para...6.1Nov 21, 2019
CVE-2010-1673A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.6.1Oct 30, 2019
CVE-2011-1408ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.8.2Oct 29, 2019
CVE-2011-0428Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.6.1Oct 29, 2019
CVE-2019-9187ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.7.5Jun 5, 2019
CVE-2016-9646Commit metadata forgery via CGI::FormBuilder context-dependent APIs5.3Apr 13, 2018
CVE-2017-0356Authentication bypass via repeated parameters9.8Apr 13, 2018
CVE-2016-9645Editing restriction bypass for git revert6.5Apr 10, 2018
CVE-2016-10026ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote...7.5Feb 13, 2017
CVE-2016-4561Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors ...6.1May 10, 2016
CVE-2012-0220Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author...4.3May 29, 2012
CVE-2011-1401ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cros...3.5Apr 11, 2011
CVE-2010-1195Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a cr...4.3Mar 31, 2010
CVE-2009-2944Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.5.0Aug 31, 2009
CVE-2008-0169Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configur...6.8Jun 3, 2008