Vulnerabilities > Jspwiki > Jspwiki > 2.4.104
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-10 | CVE-2008-1231 | Path Traversal vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. | 9.3 |
2008-03-10 | CVE-2008-1230 | Permissions, Privileges, and Access Controls vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page." Reference links suggest possible solution upgrade to latest version (2.6.1) at: http://www.jspwiki.org/wiki/JSPWikiDownload | 9.3 |
2008-03-10 | CVE-2008-1229 | Cross-Site Scripting vulnerability in Jspwiki 2.4.104/2.5.139/2.5.139Beta Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b. | 4.3 |