Vulnerabilities > Wikkawiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-09-25 CVE-2013-5586 Cross-Site Scripting vulnerability in Wikkawiki
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
network
wikkawiki CWE-79
4.3
2012-09-05 CVE-2011-4452 Cross-Site Request Forgery (CSRF) vulnerability in Wikkawiki 1.3.1/1.3.2
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
network
wikkawiki CWE-352
6.8
2012-09-05 CVE-2011-4450 Path Traversal vulnerability in Wikkawiki 1.3.1/1.3.2
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial ..
network
low complexity
wikkawiki CWE-22
6.4
2012-09-05 CVE-2011-4449 Unspecified vulnerability in Wikkawiki 1.3.1/1.3.2
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
network
wikkawiki
6.8
2007-05-09 CVE-2007-2552 Information Exposure vulnerability in Wikkawiki
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
network
low complexity
wikkawiki CWE-200
5.0
2007-05-09 CVE-2007-2551 Cross-Site Scripting And Information Disclosure vulnerability in WikkaWiki
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
wikkawiki
4.3
2007-02-24 CVE-2006-7050 Cross-Site Scripting vulnerability in WikkaWiki
Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.
network
wikkawiki
6.8
2005-12-15 CVE-2005-4255 Cross-Site Scripting vulnerability in WikkaWiki
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
network
wikkawiki
4.3