Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by wikkawiki
CVE-2013-5586 (GCVE-0-2013-5586)
Vulnerability from cvelistv5 – Published: 2013-09-25 14:00 – Updated: 2024-08-06 17:15
VLAI
Summary
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://wush.net/trac/wikka/ticket/1152 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://wush.net/trac/wikka/changeset/1896 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/123196 | x_refsource_MISC |
| https://wush.net/trac/wikka/changeset/1900 | x_refsource_CONFIRM |
| http://seclists.org/bugtraq/2013/Sep/47 | mailing-listx_refsource_BUGTRAQ |
| http://docs.wikkawiki.org/WhatsNew134 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/97183 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/62325 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/54790 | third-party-advisoryx_refsource_SECUNIA |
| https://www.htbridge.com/advisory/HTB23170 | x_refsource_MISC |
| https://wush.net/trac/wikka/ticket/1153 | x_refsource_CONFIRM |
Date Public
2013-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wush.net/trac/wikka/ticket/1152",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"name": "https://wush.net/trac/wikka/changeset/1896",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"name": "http://packetstormsecurity.com/files/123196",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123196"
},
{
"name": "https://wush.net/trac/wikka/changeset/1900",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"name": "http://docs.wikkawiki.org/WhatsNew134",
"refsource": "CONFIRM",
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"refsource": "OSVDB",
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54790"
},
{
"name": "https://www.htbridge.com/advisory/HTB23170",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"name": "https://wush.net/trac/wikka/ticket/1153",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5586",
"datePublished": "2013-09-25T14:00:00.000Z",
"dateReserved": "2013-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:15:21.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4452 (GCVE-0-2011-4452)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 22:46
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1832 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1098 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/changeset/1819 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1832",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"name": "http://wush.net/trac/wikka/changeset/1819",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4452",
"datePublished": "2012-09-05T20:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:46:47.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4451 (GCVE-0-2011-4451)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:52 Disputed
VLAI
Summary
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/ticket/1098 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "MISC",
"url": "http://wush.net/trac/wikka/ticket/1098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4451",
"datePublished": "2012-09-05T20:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:52:22.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4449 (GCVE-0-2011-4449)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:21
VLAI
Summary
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/changeset/1822 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"name": "http://wush.net/trac/wikka/changeset/1822",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4449",
"datePublished": "2012-09-05T20:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:21:27.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4450 (GCVE-0-2011-4450)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 19:51
VLAI
Summary
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1828 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1828",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4450",
"datePublished": "2012-09-05T20:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:52.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4448 (GCVE-0-2011-4448)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 16:44
VLAI
Summary
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1820 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1820",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4448",
"datePublished": "2012-09-05T20:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:44:00.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2613 (GCVE-0-2007-2613)
Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/35825 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entryx_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/98 | x_refsource_CONFIRM |
Date Public
2007-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35825",
"refsource": "OSVDB",
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "http://wush.net/trac/wikka/ticket/98",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2613",
"datePublished": "2007-05-11T10:00:00.000Z",
"dateReserved": "2007-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2612 (GCVE-0-2007-2612)
Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entryx_refsource_VUPEN |
| http://wush.net/trac/wikka/ticket/383 | x_refsource_CONFIRM |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35826 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wush.net/trac/wikka/ticket/383",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"refsource": "OSVDB",
"url": "http://osvdb.org/35826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2612",
"datePublished": "2007-05-11T10:00:00.000Z",
"dateReserved": "2007-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2552 (GCVE-0-2007-2552)
Vulnerability from cvelistv5 – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.attrition.org/pipermail/vim/2007-May/0… | mailing-listx_refsource_VIM |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entryx_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/23894 | vdb-entryx_refsource_BID |
| http://wush.net/trac/wikka/ticket/305 | x_refsource_CONFIRM |
| http://osvdb.org/35827 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/25181 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/305",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"refsource": "OSVDB",
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2552",
"datePublished": "2007-05-09T10:00:00.000Z",
"dateReserved": "2007-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2551 (GCVE-0-2007-2551)
Vulnerability from cvelistv5 – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entryx_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35828 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23894 | vdb-entryx_refsource_BID |
| http://wush.net/trac/wikka/ticket/363 | x_refsource_CONFIRM |
| http://secunia.com/advisories/25181 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"refsource": "OSVDB",
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/363",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2551",
"datePublished": "2007-05-09T10:00:00.000Z",
"dateReserved": "2007-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7050 (GCVE-0-2006-7050)
Vulnerability from cvelistv5 – Published: 2007-02-24 00:00 – Updated: 2024-08-07 20:50
VLAI
Summary
Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/changeset/47 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2381 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20628 | third-party-advisoryx_refsource_SECUNIA |
| http://wush.net/trac/wikka/ticket/142 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/18481 | vdb-entryx_refsource_BID |
Date Public
2006-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/47"
},
{
"name": "ADV-2006-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/142"
},
{
"name": "wikkawiki-url-xss(27227)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"
},
{
"name": "18481",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/47"
},
{
"name": "ADV-2006-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/142"
},
{
"name": "wikkawiki-url-xss(27227)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"
},
{
"name": "18481",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "http://wush.net/trac/wikka/changeset/47",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/47"
},
{
"name": "ADV-2006-2381",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20628"
},
{
"name": "http://wush.net/trac/wikka/ticket/142",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/142"
},
{
"name": "wikkawiki-url-xss(27227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"
},
{
"name": "18481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7050",
"datePublished": "2007-02-24T00:00:00.000Z",
"dateReserved": "2007-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7049 (GCVE-0-2006-7049)
Vulnerability from cvelistv5 – Published: 2007-02-24 00:00 – Updated: 2024-08-07 20:50
VLAI
Summary
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2381 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20628 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18484 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/26543 | vdb-entryx_refsource_OSVDB |
Date Public
2006-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wikkawiki-method-security-bypass(27226)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27226"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "ADV-2006-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20628"
},
{
"name": "18484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18484"
},
{
"name": "26543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wikkawiki-method-security-bypass(27226)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27226"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "ADV-2006-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20628"
},
{
"name": "18484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18484"
},
{
"name": "26543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wikkawiki-method-security-bypass(27226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27226"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "ADV-2006-2381",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2381"
},
{
"name": "20628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20628"
},
{
"name": "18484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18484"
},
{
"name": "26543",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7049",
"datePublished": "2007-02-24T00:00:00.000Z",
"dateReserved": "2007-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:05.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4255 (GCVE-0-2005-4255)
Vulnerability from cvelistv5 – Published: 2005-12-15 11:00 – Updated: 2024-08-07 23:38
VLAI
Summary
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18015 | third-party-advisoryx_refsource_SECUNIA |
| http://pridels0.blogspot.com/2005/12/wikkawiki-xs… | x_refsource_MISC |
| http://www.securityfocus.com/bid/15860 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2887 | vdb-entryx_refsource_VUPEN |
Date Public
2005-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/wikkawiki-xss-vuln.html"
},
{
"name": "15860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15860"
},
{
"name": "ADV-2005-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/wikkawiki-xss-vuln.html"
},
{
"name": "15860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15860"
},
{
"name": "ADV-2005-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18015"
},
{
"name": "http://pridels0.blogspot.com/2005/12/wikkawiki-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/wikkawiki-xss-vuln.html"
},
{
"name": "15860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15860"
},
{
"name": "ADV-2005-2887",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4255",
"datePublished": "2005-12-15T11:00:00.000Z",
"dateReserved": "2005-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}