Vulnerabilities > Ikiwiki

DATE	CVE	VULNERABILITY TITLE	RISK
2011-04-11	CVE-2011-1401	Cross-Site Scripting vulnerability in Ikiwiki ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet. network ikiwiki CWE-79	3.5
2010-03-31	CVE-2010-1195	Cross-Site Scripting vulnerability in Ikiwiki Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. network ikiwiki CWE-79	4.3
2009-08-31	CVE-2009-2944	Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. network low complexity ikiwiki	5.0
2008-06-03	CVE-2008-0169	Permissions, Privileges, and Access Controls vulnerability in Ikiwiki Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. network ikiwiki CWE-264	6.8
2008-04-21	CVE-2008-0165	Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. network ikiwiki CWE-352	4.3
2008-02-19	CVE-2008-0809	Cross-Site Scripting vulnerability in Ikiwiki Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents. network ikiwiki CWE-79	4.3
2008-02-19	CVE-2008-0808	Cross-Site Scripting vulnerability in Ikiwiki Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. network ikiwiki CWE-79	4.3

Vulnerabilities > Ikiwiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ikiwiki"}]}

Vulnerabilities > Ikiwiki