Vulnerabilities > Twiki > Twiki > 4.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-10 | CVE-2008-5304 | Cross-Site Scripting vulnerability in Twiki Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | 4.3 |
| 2008-09-18 | CVE-2008-3195 | Path Traversal vulnerability in Twiki Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. | 6.8 |
| 2007-02-08 | CVE-2007-0669 | Unspecified vulnerability in Twiki Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | 4.6 |
| 2006-12-02 | CVE-2006-6071 | Information Disclosure vulnerability in TWiki Failed Login TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. | 9.0 |