Vulnerabilites related to pmwiki - pmwiki
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 01:21
Severity ?
Summary
PmWiki before 2.2.21 has XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://packetstormsecurity.com/files/cve/CVE-2010-4662 | Broken Link | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/02/23/23 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/cve/CVE-2010-4662 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/02/23/23 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5550C8-007E-4E28-93DA-7F1AE1D0F2F1",
"versionEndExcluding": "2.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
},
{
"lang": "es",
"value": "PmWiki versiones anteriores a 2.2.21, presenta una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2010-4662",
"lastModified": "2024-11-21T01:21:27.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:09.897",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-31 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1_beta_20:*:*:*:*:*:*:*",
"matchCriteriaId": "E219340F-4FBB-471C-B751-8BA79C67BFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"id": "CVE-2006-0479",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-31T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18634"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-01 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3164405B-030E-4505-992C-BB26498C5674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pmwiki.php de PmWiki 2.2.20. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro from de Main/WikiSandbox. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes."
}
],
"id": "CVE-2010-4748",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-01T22:00:01.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42608"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8113"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-27 00:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5AD912C-2B2E-4EF9-B797-D03212A999BE",
"versionEndIncluding": "2.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"id": "CVE-2005-3849",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-27T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17707"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/201"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21056"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2532"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-06 20:06
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pmwiki | pmwiki | * | |
| pmwiki | pmwiki | 2.0.0 | |
| pmwiki | pmwiki | 2.0.1 | |
| pmwiki | pmwiki | 2.0.2 | |
| pmwiki | pmwiki | 2.0.3 | |
| pmwiki | pmwiki | 2.0.4 | |
| pmwiki | pmwiki | 2.0.5 | |
| pmwiki | pmwiki | 2.0.6 | |
| pmwiki | pmwiki | 2.0.7 | |
| pmwiki | pmwiki | 2.0.8 | |
| pmwiki | pmwiki | 2.0.9 | |
| pmwiki | pmwiki | 2.0.10 | |
| pmwiki | pmwiki | 2.0.11 | |
| pmwiki | pmwiki | 2.0.12 | |
| pmwiki | pmwiki | 2.0.13 | |
| pmwiki | pmwiki | 2.1.0 | |
| pmwiki | pmwiki | 2.1.1 | |
| pmwiki | pmwiki | 2.1.2 | |
| pmwiki | pmwiki | 2.1.3 | |
| pmwiki | pmwiki | 2.1.4 | |
| pmwiki | pmwiki | 2.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5BA5BF-4641-46B5-9413-A77D612D1D98",
"versionEndIncluding": "2.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B142168-A959-4593-9910-D50E738B0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4D6FF4-E09A-4369-A17A-99375006E927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nPmWiki, PmWiki, 2.1.7",
"id": "CVE-2006-2840",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-06T20:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20386"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-12 11:46
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "53B96FBC-C880-42DB-9617-986189AF4F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n de tabla en PmWiki v2.2.15 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del atributo de ancho (width)."
}
],
"id": "CVE-2010-1481",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-12T11:46:31.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-22 15:29
Modified
2025-04-11 00:51
Severity ?
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B142168-A959-4593-9910-D50E738B0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4D6FF4-E09A-4369-A17A-99375006E927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F0FD1-2CAB-4E05-AF19-79D3E5B5F681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96773E69-5182-4046-B29C-7BEF6653786A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "365F50C3-05F7-41A3-AE93-366DBBC829B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D440EFA-606A-402D-8F12-86E5B9C03CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23D6BE6E-A13F-48B2-9813-8C0C94C8E2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DB117C-E330-4CFE-B4E0-3C39A3DF1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F50EACAA-54D7-4C15-87A2-BD68C222446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74CDAFF6-C979-466C-914D-E6C03200C051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E4581490-B665-407C-BEB9-51F1266A4ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EC20F93E-F83E-4625-B79D-CCE49D43E9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0F3638-4F2E-4790-AFA9-C68C2F298A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F18FE5BE-A80B-4858-9E4F-E25C693F4B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "35CBBD56-B8F4-4639-A199-088150983204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E535C1-E27B-4BC8-9576-5634D57137DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "544983E1-C794-4BEA-9F5B-C43DD9967496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29F4FADC-F1AE-429B-9C81-EB0373CAD9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "86A85DD3-CD6E-49CA-85E3-2D733AAD3BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A2CE64-2A51-4C71-BC28-74DBB172BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0009552C-46FF-4B1F-9E07-3F255099516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2B787DC2-6AF4-468A-8ABF-CB2C0E7ABD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "58467667-01C0-456C-8A01-B0426F460BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "35A7CF02-B9AB-4CDE-A2ED-6C4FB423045A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5890B71-6E21-4BE0-8C02-B69C8D55BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "75E151B2-986C-4071-B430-3C6B12F73490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "67934660-AECE-4C3E-BFE8-3C884237F360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D120EC81-8FD3-44B6-9483-993EBC894D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BA274B0E-5784-4DA6-9FA4-B629BAA0B699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "C0969BF3-3DB1-4514-A5BA-7D173E4B85E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C30DD440-C0DD-495B-AC2D-5A62EF46020A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "C7B95B77-00EB-4BB5-A4E7-F1234394A262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "DD066CC3-2572-4370-8953-BE75F0997B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "DC20291B-6607-4829-A98D-404F57C1CBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "1306121B-6D16-4869-B85F-61587521DB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "5122D98D-FB78-4D7A-9CD0-146F29D0C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "07E98A35-9E6B-4C63-A5DC-F4EC70A063D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "709A8ECE-7796-4253-8E8D-4438282613F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "E0EE77EB-2EBE-4FFD-B230-447D730DABF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "D27AD41E-6488-4A22-922E-C301DB01B9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "D0CA05C1-D5A2-4EA9-8F9E-3910D28DE9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "87167BC5-61EC-41BF-9552-9E6E3C7C2950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "D83007B4-0EA5-4905-81EE-4D5A40F0E26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "2D65264B-3A14-4EB7-A983-EB952704689D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta27:*:*:*:*:*:*",
"matchCriteriaId": "F148DF79-D34F-4BA6-A937-DB3F768846A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta28:*:*:*:*:*:*",
"matchCriteriaId": "9B97731D-8441-4AC3-9EB7-77DACBF74EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta29:*:*:*:*:*:*",
"matchCriteriaId": "6D58527F-7F7D-49E3-8428-205C5668885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "D252D3FB-A5E1-4390-AC6C-34AC2A05BB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta30:*:*:*:*:*:*",
"matchCriteriaId": "5E021DF8-48EB-4818-AC5B-DE9EFD5E588D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta31:*:*:*:*:*:*",
"matchCriteriaId": "09440DC9-4248-40EA-A25B-057E7F24A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta32:*:*:*:*:*:*",
"matchCriteriaId": "6F9DC4F8-C1B5-40E1-83D7-83939A8C4C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta33:*:*:*:*:*:*",
"matchCriteriaId": "D7516A5A-764B-464B-930A-8B9CF7DD72AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta34:*:*:*:*:*:*",
"matchCriteriaId": "1C8B2042-9733-41C3-B36C-D411348EAA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta35:*:*:*:*:*:*",
"matchCriteriaId": "C8574393-4DB4-4F93-A854-DC91F056029D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta36:*:*:*:*:*:*",
"matchCriteriaId": "8369EF73-E83E-4AD8-904C-9FD4C2C251ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta37:*:*:*:*:*:*",
"matchCriteriaId": "A53D8B2E-1EA8-43EE-B8BC-8D2BAF828DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta38:*:*:*:*:*:*",
"matchCriteriaId": "08745BAA-FCD1-4989-B142-7B5F92A575C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta39:*:*:*:*:*:*",
"matchCriteriaId": "3E1C5323-4572-455F-8674-8410FD325BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9804017C-141B-4666-926A-1F8708DCE5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta40:*:*:*:*:*:*",
"matchCriteriaId": "8F602A9E-0EBB-4F66-A197-71CE224A15EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta41:*:*:*:*:*:*",
"matchCriteriaId": "48AB6EA9-5C0A-4D15-A45D-A40CC04E94E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta42:*:*:*:*:*:*",
"matchCriteriaId": "8CD705AB-9D86-4545-BB42-105516CB532A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta43:*:*:*:*:*:*",
"matchCriteriaId": "F8D62C69-43B3-486F-9ABD-2862489D4B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta44:*:*:*:*:*:*",
"matchCriteriaId": "0627AF2E-BFD1-4CBF-A1C5-3945ECDF22FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta45:*:*:*:*:*:*",
"matchCriteriaId": "464207FE-0212-49B3-B9A6-9798C4520395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta46:*:*:*:*:*:*",
"matchCriteriaId": "194B19A6-4937-4D79-A948-C0C810990532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta47:*:*:*:*:*:*",
"matchCriteriaId": "5E8703C1-0753-4EA9-BA9D-59FD9016A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta48:*:*:*:*:*:*",
"matchCriteriaId": "345A7C6E-C6A9-4719-A2FF-46D3BADBBCB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta49:*:*:*:*:*:*",
"matchCriteriaId": "2A74F1C1-5CA4-4148-A975-6E9AB1F4AACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "ED922251-7351-42A7-9D60-D323D6DE06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta50:*:*:*:*:*:*",
"matchCriteriaId": "82B8B4B2-DFAF-4DD3-9B9E-540F4459BC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta51:*:*:*:*:*:*",
"matchCriteriaId": "B598E10C-BFB2-4B2B-B9E4-FC55CD9848E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta52:*:*:*:*:*:*",
"matchCriteriaId": "C815EA2B-C08F-4476-8A82-1F02CE881989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta53:*:*:*:*:*:*",
"matchCriteriaId": "D86A2C67-C494-432F-9CE5-232C5F5F82A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta54:*:*:*:*:*:*",
"matchCriteriaId": "03C8B021-A346-40DC-8399-970CF07D7949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta55:*:*:*:*:*:*",
"matchCriteriaId": "1A1DF42C-614D-487F-BFCF-8B07A3A14F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta56:*:*:*:*:*:*",
"matchCriteriaId": "A62223B3-335F-47B1-B0BD-CA3BE0457FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta57:*:*:*:*:*:*",
"matchCriteriaId": "6F943380-7AE9-4A87-84CE-454F0F8FE7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta58:*:*:*:*:*:*",
"matchCriteriaId": "7C6C152F-E1F5-4D36-9F03-A213F7666F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta59:*:*:*:*:*:*",
"matchCriteriaId": "6CA57460-890D-41A5-AFBA-24E5B4FCADBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "3A04E8DC-7569-45EE-929A-CF8F48982DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta60:*:*:*:*:*:*",
"matchCriteriaId": "838B897C-C055-404A-BB3F-0AA7EEB00BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta61:*:*:*:*:*:*",
"matchCriteriaId": "D03CC0B5-281C-4A43-95BA-E57F487D8199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta62:*:*:*:*:*:*",
"matchCriteriaId": "1EB215AD-3F88-4CD9-BAAD-EF4237E4CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta63:*:*:*:*:*:*",
"matchCriteriaId": "25352328-12FB-4DA3-8247-380D22032737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta64:*:*:*:*:*:*",
"matchCriteriaId": "D1471F94-B9A5-476F-9C08-564BFAC86DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta65:*:*:*:*:*:*",
"matchCriteriaId": "B50099CD-6B5E-4AFE-94D2-35E3D7ABA489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta66:*:*:*:*:*:*",
"matchCriteriaId": "C22E003E-AAEF-41C0-8A35-C05DF43422AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta67:*:*:*:*:*:*",
"matchCriteriaId": "2D15D973-75B0-4C5D-896F-5F8509AA2812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta68:*:*:*:*:*:*",
"matchCriteriaId": "B42548D3-8933-49A9-AABE-D4B0A8E6CF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "A70E927D-11DE-4705-8235-464938CB57E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2BFB4567-3055-4A2F-8CF3-A5AFE523D454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "285649DA-99BB-4A61-9F55-D44A58F3F197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC90230A-7C5B-4DF3-8009-DD7C67E0F2DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D452B15-3B1F-4F91-960E-A1A9C464C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D6599E-2190-4063-A653-80666FE53887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9FDB6-2144-4D66-943E-ABCAC172FE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDBF92F-942B-4C5E-9B93-5B68837ABD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD0EE76-1FE1-4699-B63B-00DE4A27ACA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "666650A5-889F-4F53-A84F-F2B2C6AAFEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2351390C-89C4-4160-A1FC-CD2C5379B64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D660454E-D195-42AA-B39A-4B56F1B593E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "639B1108-DD76-4177-AD59-4C8B93515A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "501DB859-06E9-42E3-AA21-A805118C5482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E6772-F8EA-4D55-BFC9-A9838C5DD7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "30542C0F-83ED-4CB6-8B77-EFAD4635D254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "25AFF08F-BEF2-4C5C-A45F-7D48B6B306D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "53B96FBC-C880-42DB-9617-986189AF4F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B48585-AA80-4B69-9BE1-46C47FF1EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "52C59ECC-97EA-4C1B-87BF-9C5C9C960507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7263749C-90CD-4535-8BA6-FB766C87EE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A042F2B3-3AC6-49A4-AC80-45C65C4EDEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3164405B-030E-4505-992C-BB26498C5674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "694B570D-48D8-4657-A5B5-F3EEDBBD91B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "20C3AD09-9A40-4408-938C-6254DC9FE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "61346DA4-3504-46C2-B9F5-F03926D213DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "EB59AE36-3EE3-4CA9-8CBA-CD37E93CEED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B6178CA6-3728-4346-8F0B-DFA599304091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1C8AD0-73C8-4A3A-AF37-CDDD5C37E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "00D036EF-C311-40C0-AB99-5FFE23E5AB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA0E3BE-376F-4E83-AA0F-4723FEF9684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3B99C694-B54C-42D3-A6E2-A2AC4EC26BAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E18066-AF64-4071-A860-1640CB03B86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5BD95F-4999-4C62-947E-D7247E2B0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "6B682845-7676-4309-BCEC-B6217EE07211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "0F18EEBB-46C7-4D36-BA47-A5701F278303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
},
{
"lang": "es",
"value": "La funci\u00f3n PageListSort en los ficheros scripts/pagelist.php en PmWiki v2.x anteriores a v2.2.35, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de secuencias PHP en un par\u00e1metro manipulado en una directiva pagelist, que conducen a un uso inadecuado de la funci\u00f3n create_function PHP."
}
],
"id": "CVE-2011-4453",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-22T15:29:20.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-30 16:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pmwiki | pmwiki | 2.1.0 | |
| pmwiki | pmwiki | 2.1.1 | |
| pmwiki | pmwiki | 2.1.2 | |
| pmwiki | pmwiki | 2.1.3 | |
| pmwiki | pmwiki | 2.1.4 | |
| pmwiki | pmwiki | 2.1.5 | |
| pmwiki | pmwiki | 2.1.6 | |
| pmwiki | pmwiki | 2.1.7 | |
| pmwiki | pmwiki | 2.1.8 | |
| pmwiki | pmwiki | 2.1.9 | |
| pmwiki | pmwiki | 2.1.10 | |
| pmwiki | pmwiki | 2.1.11 | |
| pmwiki | pmwiki | 2.1.12 | |
| pmwiki | pmwiki | 2.1.13 | |
| pmwiki | pmwiki | 2.1.14 | |
| pmwiki | pmwiki | 2.1.15 | |
| pmwiki | pmwiki | 2.1.16 | |
| pmwiki | pmwiki | 2.1.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F0FD1-2CAB-4E05-AF19-79D3E5B5F681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96773E69-5182-4046-B29C-7BEF6653786A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "365F50C3-05F7-41A3-AE93-366DBBC829B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D440EFA-606A-402D-8F12-86E5B9C03CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23D6BE6E-A13F-48B2-9813-8C0C94C8E2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DB117C-E330-4CFE-B4E0-3C39A3DF1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F50EACAA-54D7-4C15-87A2-BD68C222446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74CDAFF6-C979-466C-914D-E6C03200C051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E4581490-B665-407C-BEB9-51F1266A4ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EC20F93E-F83E-4625-B79D-CCE49D43E9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0F3638-4F2E-4790-AFA9-C68C2F298A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F18FE5BE-A80B-4858-9E4F-E25C693F4B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en PmWiki anterior a 2.1.18 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados que abarcan \"tabla de markups\"."
}
],
"id": "CVE-2006-4453",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-30T16:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21667"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28268"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-0479 (GCVE-0-2006-0479)
Vulnerability from cvelistv5
Published
2006-01-31 11:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24368 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18634 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24367 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015550 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/16421 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/0375 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24366 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18634"
},
{
"name": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0479",
"datePublished": "2006-01-31T11:00:00",
"dateReserved": "2006-01-31T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2840 (GCVE-0-2006-2840)
Vulnerability from cvelistv5
Published
2006-06-06 20:03
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/2084 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/20386 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26827 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2840",
"datePublished": "2006-06-06T20:03:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1481 (GCVE-0-2010-1481)
Vulnerability from cvelistv5
Published
2010-05-11 23:00
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/39994 | vdb-entry, x_refsource_BID | |
| http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html | x_refsource_MISC | |
| http://secunia.com/advisories/39698 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/511177/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"name": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1481",
"datePublished": "2010-05-11T23:00:00",
"dateReserved": "2010-04-20T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3849 (GCVE-0-2005-3849)
Vulnerability from cvelistv5
Published
2005-11-27 00:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/201 | third-party-advisory, x_refsource_SREASON | |
| http://www.vupen.com/english/advisories/2005/2532 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/17707 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15539 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/417432/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/21056 | vdb-entry, x_refsource_OSVDB | |
| http://moritz-naumann.com/adv/0005/pmwiki/0005.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21056"
},
{
"name": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3849",
"datePublished": "2005-11-27T00:00:00",
"dateReserved": "2005-11-26T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4453 (GCVE-0-2011-4453)
Vulnerability from cvelistv5
Published
2011-12-22 15:00
Modified
2024-09-16 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18243/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.exploit-db.com/exploits/18149/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.pmwiki.org/wiki/PITS/01271 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-22T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18243",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"name": "http://www.pmwiki.org/wiki/PITS/01271",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4453",
"datePublished": "2011-12-22T15:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4748 (GCVE-0-2010-4748)
Vulnerability from cvelistv5
Published
2011-03-01 21:00
Modified
2024-08-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM | |
| http://marc.info/?l=full-disclosure&m=129234473228351&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://securityreason.com/securityalert/8113 | third-party-advisory, x_refsource_SREASON | |
| http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt | x_refsource_MISC | |
| http://secunia.com/advisories/42608 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8113"
},
{
"name": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42608"
},
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4748",
"datePublished": "2011-03-01T21:00:00",
"dateReserved": "2011-03-01T00:00:00",
"dateUpdated": "2024-08-07T03:55:35.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4453 (GCVE-0-2006-4453)
Vulnerability from cvelistv5
Published
2006-08-30 15:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.pmichaud.com/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM | |
| http://www.osvdb.org/28268 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/21667 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/19747 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4453",
"datePublished": "2006-08-30T15:00:00",
"dateReserved": "2006-08-30T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4662 (GCVE-0-2010-4662)
Vulnerability from cvelistv5
Published
2020-02-05 18:13
Modified
2024-08-07 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
PmWiki before 2.2.21 has XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2010-4662 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2011/02/23/23 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pmwiki",
"vendor": "pmwiki",
"versions": [
{
"status": "affected",
"version": "before 2.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:13:22",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pmwiki",
"version": {
"version_data": [
{
"version_value": "before 2.2.21"
}
]
}
}
]
},
"vendor_name": "pmwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PmWiki before 2.2.21 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2010-4662",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/02/23/23",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4662",
"datePublished": "2020-02-05T18:13:22",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:18.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}