Twiki

29 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 8.72%
  • Published 20.05.2011 22:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.

Exploit
  • EPSS 0.17%
  • Published 18.10.2010 17:00:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.

  • EPSS 0.13%
  • Published 07.09.2010 17:00:01
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM...

Exploit
  • EPSS 0.36%
  • Published 30.04.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of...

  • EPSS 2.94%
  • Published 10.12.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

Exploit
  • EPSS 5.52%
  • Published 10.12.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.

  • EPSS 0.12%
  • Published 07.11.2008 19:36:24
  • Last modified 09.04.2025 00:30:58

postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."

  • EPSS 57.51%
  • Published 18.09.2008 15:04:27
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, an...

  • EPSS 0.23%
  • Published 04.10.2007 16:17:00
  • Last modified 09.04.2025 00:30:58

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive informa...

  • EPSS 0.11%
  • Published 08.02.2007 22:28:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.