Vulnerabilities > Ikiwiki > Ikiwiki

DATE CVE VULNERABILITY TITLE RISK
2011-04-11 CVE-2011-1401 Cross-Site Scripting vulnerability in Ikiwiki
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
network
ikiwiki CWE-79
3.5
3.5
2010-03-31 CVE-2010-1195 Cross-Site Scripting vulnerability in Ikiwiki
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
network
ikiwiki CWE-79
4.3
4.3
2009-08-31 CVE-2009-2944 Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
network
low complexity
ikiwiki
5.0
5.0
2008-06-03 CVE-2008-0169 Permissions, Privileges, and Access Controls vulnerability in Ikiwiki
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
network
ikiwiki CWE-264
6.8
6.8
2008-04-21 CVE-2008-0165 Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
network
ikiwiki CWE-352
4.3
4.3
2008-02-19 CVE-2008-0809 Cross-Site Scripting vulnerability in Ikiwiki
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
network
ikiwiki CWE-79
4.3
4.3
2008-02-19 CVE-2008-0808 Cross-Site Scripting vulnerability in Ikiwiki
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
network
ikiwiki CWE-79
4.3
4.3