CVE Tools

twiki

Web & CMS Pluginsoss-project

15

Cumulative CVEs

11

Monthly snapshots

#59

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting twiki.

CVE-2014-7236Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.9.1Feb 17, 2020
CVE-2013-1751TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.9.8Nov 7, 2019
CVE-2005-3056TWiki allows arbitrary shell command execution via the Include function9.8Nov 1, 2019
CVE-2018-20212bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.6.1Mar 17, 2019
CVE-2014-9325Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMST...4.3Dec 31, 2014
CVE-2014-9367Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) ...4.3Dec 31, 2014
CVE-2014-7237lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00)...6.8Oct 16, 2014
CVE-2012-6330The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large...5.0Jan 4, 2013
CVE-2012-0979Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing o...4.3Feb 2, 2012
CVE-2011-3010Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action,...4.3Sep 30, 2011
CVE-2011-1838Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view s...4.3May 20, 2011
CVE-2010-3841Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script ...4.3Oct 18, 2010
CVE-2009-4898Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a UR...6.8Sep 7, 2010
CVE-2009-1339Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrat...6.0Apr 30, 2009
CVE-2008-5305Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.10.0Dec 10, 2008