Ikiwiki: >> Ikiwiki >> 2.13 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-03-31
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
CVSS Score
5.0
EPSS Score
0.005
Published
2009-08-31
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
CVSS Score
6.8
EPSS Score
0.005
Published
2008-06-03
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
CVSS Score
4.3
EPSS Score
0.002
Published
2008-04-21
Page 2