Vulnerabilities > Twiki > Twiki > 4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-10 | CVE-2008-5304 | Cross-Site Scripting vulnerability in Twiki Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | 4.3 |
| 2008-09-18 | CVE-2008-3195 | Path Traversal vulnerability in Twiki Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. | 6.8 |