Vulnerabilities > Twiki > Twiki > 4.3.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2014-7236 Injection vulnerability in Twiki
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
network
low complexity
twiki CWE-74
6.4
6.4
2019-11-07 CVE-2013-1751 Improper Input Validation vulnerability in Twiki
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
network
low complexity
twiki CWE-20
critical
 10.0
10
2014-10-16 CVE-2014-7237 Permissions, Privileges, and Access Controls vulnerability in multiple products
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code. 		6.8
6.8
2013-01-04 CVE-2012-6330 Numeric Errors vulnerability in multiple products
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
network
low complexity
twiki foswiki CWE-189
5.0
5.0
2011-09-30 CVE-2011-3010 Cross-Site Scripting vulnerability in Twiki
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
network
twiki CWE-79
4.3
4.3
2011-05-20 CVE-2011-1838 Cross-Site Scripting vulnerability in Twiki
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
network
twiki CWE-79
4.3
4.3
2010-10-18 CVE-2010-3841 Cross-Site Scripting vulnerability in Twiki
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
network
twiki CWE-79
4.3
4.3