Ikiwiki: >> Ikiwiki >> 2.47 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-03-31
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
CVSS Score
5.0
EPSS Score
0.005
Published
2009-08-31
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
CVSS Score
6.8
EPSS Score
0.005
Published
2008-06-03
Page 2