Vulnerabilities > Ikiwiki > Ikiwiki > 2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-31 | CVE-2010-1195 | Cross-Site Scripting vulnerability in Ikiwiki Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. | 4.3 |
2009-08-31 | CVE-2009-2944 | Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. | 5.0 |
2008-06-03 | CVE-2008-0169 | Permissions, Privileges, and Access Controls vulnerability in Ikiwiki Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. | 6.8 |
2008-04-21 | CVE-2008-0165 | Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. | 4.3 |