
Summary

Vendor: Ikiwiki
Product: Ikiwiki
Version: (all)
Update / Edition / Language / Software Edition / Target Software / Target Hardware / Other: not specified

Detail

First view: 2008-02-18
Last view: 2019-11-21
Type: Application


Common Platform Enumeration (CPE): affected CVE count per version

CPE name (CPE 2.3 formatted string)   Affected CVEs (count)
cpe:2.3:a:ikiwiki:ikiwiki:1.34.1:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.45:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.38:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.39:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.40:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.44:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.43:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.36:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.35:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.37:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.34.2:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.5:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.42:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.41:*:*:*:*:*:*:* 16
cpe:2.3:a:ikiwiki:ikiwiki:1.15:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.17:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.26:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.22:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.30:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.12:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.14:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.24:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.0:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.7:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.6:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.9:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.19:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.25:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.21:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.2:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.16:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.8:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.23:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.28:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.10:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.31:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.32:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.1.47:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.33.3:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.46:*:*:*:*:*:*:* 15
cpe:2.3:a:ikiwiki:ikiwiki:1.4:*:*:*:*:*:*:* 15

Related : CVE

CVSS score   Published   CVE ID (description on the following line)
6.1 2019-11-21 CVE-2015-2793

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

6.1 2019-10-30 CVE-2010-1673

A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.

8.2 2019-10-29 CVE-2011-1408

ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.

6.1 2019-10-29 CVE-2011-0428

Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.

7.5 2019-06-05 CVE-2019-9187

ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.

9.8 2018-04-13 CVE-2017-0356

A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

5.3 2018-04-13 CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
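Both CVE-2017-0356 and CVE-2016-9646 come down to the same Perl trap that the description ties to Bugzilla's CVE-2014-1572: CGI->param and CGI::FormBuilder->field return every submitted value when called in list context, and a hash constructor is list context. The following is an added example, not ikiwiki's own code; the form accessor is a constructed stand-in with the same context behaviour as the real APIs, and the "admin" key and the query string are invented to show the mechanism.

```perl
#!/usr/bin/perl
# Added example, not ikiwiki's code: the list-context trap behind
# CVE-2016-9646 / CVE-2017-0356 (and Bugzilla's CVE-2014-1572), shown with a
# small stand-in for CGI->param / CGI::FormBuilder->field.
use strict;
use warnings;

# Stand-in accessor with the same context behaviour as the real APIs: the first
# value in scalar context, every submitted value for that name in list context.
# (Constructed for this example; it does no URL decoding.)
sub form_from_query {
    my ($query) = @_;
    my %params;
    for my $pair (split /&/, $query) {
        my ($k, $v) = split /=/, $pair, 2;
        push @{ $params{$k} }, defined $v ? $v : '';
    }
    return sub {
        my ($name) = @_;
        my @values = @{ $params{$name} || [] };
        return wantarray ? @values : $values[0];
    };
}

# Vulnerable pattern: every $field->(...) call sits in LIST context inside the
# hash constructor, so extra values sent for "name" are spliced into the list
# and become new key/value pairs the form never offered.
sub account_hash_vulnerable {
    my ($field) = @_;
    my %account = (
        name     => $field->('name'),
        email    => $field->('email'),
        password => $field->('password'),
    );
    return \%account;
}

# Hardened pattern: "scalar" forces exactly one value per key, so repeated
# parameters can only change that one value, never the shape of the hash.
sub account_hash_safe {
    my ($field) = @_;
    my %account = (
        name     => scalar $field->('name'),
        email    => scalar $field->('email'),
        password => scalar $field->('password'),
    );
    return \%account;
}

# Constructed request: "name" is sent three times.  In list context values two
# and three land in the hash as the key "admin" with the value "1".
my $query = 'name=alice&name=admin&name=1&email=alice@example.org&password=hunter2';
my $field = form_from_query($query);

for my $case (['vulnerable', account_hash_vulnerable($field)],
              ['hardened',   account_hash_safe($field)]) {
    my ($label, $h) = @$case;
    print "$label: ", join(', ', map { "$_=$h->{$_}" } sort keys %$h), "\n";
}
```

Run it and compare the two lines: the vulnerable hash carries an extra `admin` key that no form field produced, the hardened one does not. The same shape explains the "commit metadata forgery" wording above, since any hash built this way from user-controlled fields (author, comment text, page name) can have keys added or reordered by a client that repeats a parameter. The check to make in a Perl code base is a grep for `->param(` and `->field(` calls that appear inside a list (hash constructor, function argument list, `push`) without a leading `scalar`.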

6.5 2018-04-10 CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.

7.5 2017-02-13 CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

6.1 2016-05-10 CVE-2016-4561

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

4.3 2012-05-29 CVE-2012-0220

Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.

3.5 2011-04-11 CVE-2011-1401

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

4.3 2010-03-31 CVE-2010-1195

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.

5 2009-08-31 CVE-2009-2944

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.

6.8 2008-06-03 CVE-2008-0169

Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.

4.3 2008-04-21 CVE-2008-0165

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

4.3 2008-02-18 CVE-2008-0809

Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.

4.3 2008-02-18 CVE-2008-0808

Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
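The CPE table above and the CVE list can be joined by hand, but the practical question is "which of these CVEs apply to the ikiwiki version I run?". The script below is an added example, not code from this page or from ikiwiki: it parses a CPE 2.3 name (handling the `\:` escape that a plain split on colons would mishandle), compares ikiwiki's dotted numeric versions, and reports the CVEs whose "before X" ranges, transcribed literally from the descriptions above, contain that version. The ranges are my reading of the description text; the counts in the CPE table come from NVD's CPE configurations and can differ from that reading, and side conditions in the descriptions (git older than 2.8.0 for CVE-2016-9645, particular plugins enabled) are not modelled. Where a description names only a single version (CVE-2016-10026) the range "up to and including that version" is an assumption and is marked as such in the code.

```perl
#!/usr/bin/perl
# Added example, not part of this page or of ikiwiki: parse a CPE 2.3 name,
# extract the version, and list which CVEs from this page apply to it,
# using the "before X" ranges transcribed from the CVE descriptions.
use strict;
use warnings;

# Split a CPE 2.3 formatted string into its 13 components.  A colon that is
# part of a value is escaped as "\:", so a naive split(/:/) is not correct;
# escapes are kept as written so "\*" stays distinct from the wildcard "*".
sub parse_cpe23 {
    my ($cpe) = @_;
    my @fields = ('');
    my $i = 0;
    while ($i < length $cpe) {
        my $c = substr($cpe, $i, 1);
        if ($c eq '\\' && $i + 1 < length $cpe) {
            $fields[-1] .= substr($cpe, $i, 2);
            $i += 2;
        } elsif ($c eq ':') {
            push @fields, '';
            $i++;
        } else {
            $fields[-1] .= $c;
            $i++;
        }
    }
    die "not a CPE 2.3 name: $cpe\n"
        unless @fields == 13 && $fields[0] eq 'cpe' && $fields[1] eq '2.3';
    my %h;
    @h{qw(prefix cpe_version part vendor product version update edition
          language sw_edition target_sw target_hw other)} = @fields;
    return \%h;
}

# Compare two dotted numeric versions component by component, so that
# 3.1415926 < 3.20100312 and 2.53.4 < 2.53.5.  Every ikiwiki version on this
# page is purely numeric; anything else is rejected rather than guessed at.
sub cmp_version {
    my ($left, $right) = @_;
    my @l = split /\./, $left;
    my @r = split /\./, $right;
    while (@l || @r) {
        my $x = shift(@l) // 0;
        my $y = shift(@r) // 0;
        die "non-numeric version component in '$left' or '$right'\n"
            unless $x =~ /^\d+$/ && $y =~ /^\d+$/;
        return $x <=> $y if $x != $y;
    }
    return 0;
}

# Affected ranges as [lower bound (inclusive) or undef, upper bound,
# upper-inclusive flag], transcribed from the CVE descriptions on this page.
my %affected = (
    'CVE-2008-0808'  => [[undef, '1.1.47']],
    'CVE-2008-0809'  => [[undef, '1.1.46']],
    'CVE-2008-0165'  => [[undef, '2.42']],
    'CVE-2008-0169'  => [['1.34', '2.47', 1]],                # "1.34 through 2.47"
    'CVE-2009-2944'  => [[undef, '2.53.4'], ['3', '3.1415926']],
    'CVE-2010-1195'  => [['2', '2.53.5'], ['3', '3.20100312']],
    'CVE-2010-1673'  => [[undef, '3.20101112']],
    'CVE-2011-0428'  => [[undef, '3.20110122']],
    'CVE-2011-1401'  => [[undef, '3.20110328']],
    'CVE-2011-1408'  => [[undef, '3.20110608']],
    'CVE-2012-0220'  => [[undef, '3.20120516']],
    'CVE-2015-2793'  => [[undef, '3.20150329']],
    'CVE-2016-4561'  => [[undef, '3.20160506']],
    'CVE-2016-10026' => [[undef, '3.20161219', 1]],           # assumption: only 3.20161219 is named
    'CVE-2016-9645'  => [[undef, '3.20161229']],              # git < 2.8.0 condition not modelled
    'CVE-2016-9646'  => [[undef, '3.20161229']],
    'CVE-2017-0356'  => [[undef, '3.20170111']],
    'CVE-2019-9187'  => [[undef, '3.20170111.1'], ['3.20180000', '3.20190228']],
);

sub in_range {
    my ($v, $range) = @_;
    my ($lo, $hi, $hi_incl) = @$range;
    return 0 if defined $lo && cmp_version($v, $lo) < 0;
    my $c = cmp_version($v, $hi);
    return $hi_incl ? $c <= 0 : $c < 0;
}

# Sorted CVE IDs whose ranges contain the given version.
sub affected_cves {
    my ($version) = @_;
    my @ids = grep {
        my $id = $_;
        grep { in_range($version, $_) } @{ $affected{$id} };
    } keys %affected;
    return sort @ids;
}

# Usage: perl ikiwiki-cves.pl 'cpe:2.3:a:ikiwiki:ikiwiki:3.20161219:*:*:*:*:*:*:*'
my $cpe = @ARGV ? $ARGV[0] : 'cpe:2.3:a:ikiwiki:ikiwiki:1.34:*:*:*:*:*:*:*';
my $c = parse_cpe23($cpe);
die "vendor/product is not ikiwiki\n"
    unless $c->{vendor} eq 'ikiwiki' && $c->{product} eq 'ikiwiki';
die "version '$c->{version}' is a logical value; pass a concrete version\n"
    if $c->{version} eq '*' || $c->{version} eq '-';
my @hits = affected_cves($c->{version});
printf "ikiwiki %s: %d of %d listed CVEs apply\n",
    $c->{version}, scalar @hits, scalar keys %affected;
print "  $_\n" for @hits;
```

For the default CPE name (version 1.34) the script reports 15 of the 18 listed CVEs, leaving out the two fixed in 1.1.46/1.1.47 and CVE-2010-1195, whose description covers only 2.x and 3.x; the table above says 16 for that version, which is the difference between NVD's CPE configuration data and a literal reading of the descriptions. Treat the script as a first filter and confirm against the distribution advisories (the DSA, Fedora and FreeBSD entries below) for the package actually installed, since backported fixes do not change the upstream version string.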

CWE : Common Weakness Enumeration

Share   Count   CWE ID   Name
56% (9) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (2) CWE-287 Improper Authentication
12% (2) CWE-284 Access Control (Authorization) Issues
6% (1) CWE-352 Cross-Site Request Forgery (CSRF)
6% (1) CWE-264 Permissions, Privileges, and Access Controls
6% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL (Open Vulnerability and Assessment Language) : Definitions

OVAL ID   Name
oval:org.mitre.oval:def:7694 DSA-1523 ikiwiki -- cross-site scripting
oval:org.mitre.oval:def:18723 DSA-1523-1 ikiwiki - cross-site scripting
oval:org.mitre.oval:def:7927 DSA-1553 ikiwiki -- cross-site request forgery
oval:org.mitre.oval:def:18725 DSA-1553-1 ikiwiki - cross-site request forgery
oval:org.mitre.oval:def:7859 DSA-1875 ikiwiki -- missing input sanitising
oval:org.mitre.oval:def:13668 DSA-1875-1 ikiwiki -- missing input sanitising
oval:org.mitre.oval:def:12147 DSA-2214-1 ikiwiki -- missing input validation
oval:org.mitre.oval:def:20108 DSA-2474-1 ikiwiki - cross-site scripting

Open Source Vulnerability Database (OSVDB)

OSVDB ID   Description
71838 ikiwiki meta stylesheet XSS
63024 ikiwiki htmlscrubber Component data:image/svg+xml URI XSS
57575 teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
45893 ikiwiki Account Password Null Value Weakness
44657 ikiwiki User Preferences Multiple Form CSRF
41477 ikiwiki meta plugin javascript: URL XSS
41476 ikiwiki htmlscrubber javascript: URL XSS

OpenVAS Network Vulnerability Tests (NVTs)

Date   Name / File
2012-08-30 Name : Fedora Update for ikiwiki FEDORA-2012-7976
File : nvt/gb_fedora_2012_7976_ikiwiki_fc17.nasl
2012-05-31 Name : Debian Security Advisory DSA 2474-1 (ikiwiki)
File : nvt/deb_2474_1.nasl
2012-05-28 Name : Fedora Update for ikiwiki FEDORA-2012-8161
File : nvt/gb_fedora_2012_8161_ikiwiki_fc15.nasl
2012-05-28 Name : Fedora Update for ikiwiki FEDORA-2012-8151
File : nvt/gb_fedora_2012_8151_ikiwiki_fc16.nasl
2011-08-03 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki5.nasl
2011-05-12 Name : Debian Security Advisory DSA 2214-1 (ikiwiki)
File : nvt/deb_2214_1.nasl
2011-04-22 Name : Fedora Update for ikiwiki FEDORA-2011-5180
File : nvt/gb_fedora_2011_5180_ikiwiki_fc14.nasl
2011-04-22 Name : Fedora Update for ikiwiki FEDORA-2011-5173
File : nvt/gb_fedora_2011_5173_ikiwiki_fc13.nasl
2010-04-06 Name : Ikiwiki 'htmlscrubber' Cross Site Scripting Vulnerability
File : nvt/gb_ikiwiki_htmlscrubber_xss_vuln.nasl
2010-04-06 Name : Fedora Update for ikiwiki FEDORA-2010-4933
File : nvt/gb_fedora_2010_4933_ikiwiki_fc11.nasl
2010-03-30 Name : Debian Security Advisory DSA 2020-1 (ikiwiki)
File : nvt/deb_2020_1.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9254 (ikiwiki)
File : nvt/fcore_2009_9254.nasl
2009-09-15 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki4.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9244 (ikiwiki)
File : nvt/fcore_2009_9244.nasl
2009-09-03 Name : ikiwiki Teximg Plugin TeX Command Arbitrary File Disclosure Vulnerability
File : nvt/gb_ikiwiki_teximg_info_disclosure_vuln.nasl
2009-09-02 Name : Debian Security Advisory DSA 1875-1 (ikiwiki)
File : nvt/deb_1875_1.nasl
2008-09-04 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki3.nasl
2008-09-04 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki1.nasl
2008-09-04 Name : FreeBSD Ports: ikiwiki
File : nvt/freebsd_ikiwiki0.nasl
2008-06-11 Name : Debian Security Advisory DSA 1553-2 (ikiwiki)
File : nvt/deb_1553_2.nasl
2008-04-21 Name : Debian Security Advisory DSA 1553-1 (ikiwiki)
File : nvt/deb_1553_1.nasl
2008-03-19 Name : Debian Security Advisory DSA 1523-1 (ikiwiki)
File : nvt/deb_1523_1.nasl

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations; only the 25 most recent plugins are listed here.
Date   Name / File / Type
2017-03-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7b35a77a015111e7ae1b002590263bf5.nasl - Type: ACT_GATHER_INFO
2017-03-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5ed094a0015011e7ae1b002590263bf5.nasl - Type: ACT_GATHER_INFO
2017-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-812.nasl - Type: ACT_GATHER_INFO
2017-01-31 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8873ebdb43.nasl - Type: ACT_GATHER_INFO
2017-01-30 Name: The remote Fedora host is missing a security update.
File: fedora_2017-c756d37779.nasl - Type: ACT_GATHER_INFO
2017-01-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3760.nasl - Type: ACT_GATHER_INFO
2016-06-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0297b2602b3b11e6ae88002590263bf5.nasl - Type: ACT_GATHER_INFO
2016-05-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3571.nasl - Type: ACT_GATHER_INFO
2016-05-11 Name: The remote Debian host is missing a security update.
File: debian_DLA-463.nasl - Type: ACT_GATHER_INFO
2015-05-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-6815.nasl - Type: ACT_GATHER_INFO
2015-05-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-6806.nasl - Type: ACT_GATHER_INFO
2015-05-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-6759.nasl - Type: ACT_GATHER_INFO
2012-05-29 Name: The remote Fedora host is missing a security update.
File: fedora_2012-7976.nasl - Type: ACT_GATHER_INFO
2012-05-29 Name: The remote Fedora host is missing a security update.
File: fedora_2012-8151.nasl - Type: ACT_GATHER_INFO
2012-05-29 Name: The remote Fedora host is missing a security update.
File: fedora_2012-8161.nasl - Type: ACT_GATHER_INFO
2012-05-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2474.nasl - Type: ACT_GATHER_INFO
2011-06-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3145faf1974c11e0869e000c29249b2e.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5180.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5173.nasl - Type: ACT_GATHER_INFO
2011-04-18 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5249.nasl - Type: ACT_GATHER_INFO
2011-04-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2214.nasl - Type: ACT_GATHER_INFO
2010-03-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2020.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1875.nasl - Type: ACT_GATHER_INFO
2009-09-14 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6e8f54afa07d11dea649000c2955660f.nasl - Type: ACT_GATHER_INFO
2009-09-14 Name: The remote Fedora host is missing a security update.
File: fedora_2009-9254.nasl - Type: ACT_GATHER_INFO