Search criteria
24 vulnerabilities found for pmwiki by pmwiki
FKIE_CVE-2010-4662
Vulnerability from fkie_nvd - Published: 2020-02-05 19:15 - Updated: 2024-11-21 01:21
Severity
Summary
PmWiki before 2.2.21 has XSS.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://packetstormsecurity.com/files/cve/CVE-2010-4662 | Broken Link | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/02/23/23 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/cve/CVE-2010-4662 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/02/23/23 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5550C8-007E-4E28-93DA-7F1AE1D0F2F1",
"versionEndExcluding": "2.2.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
},
{
"lang": "es",
"value": "PmWiki versiones anteriores a 2.2.21, presenta una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2010-4662",
"lastModified": "2024-11-21T01:21:27.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:09.897",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4453
Vulnerability from fkie_nvd - Published: 2011-12-22 15:29 - Updated: 2026-04-29 01:13
Severity
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B142168-A959-4593-9910-D50E738B0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4D6FF4-E09A-4369-A17A-99375006E927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F0FD1-2CAB-4E05-AF19-79D3E5B5F681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96773E69-5182-4046-B29C-7BEF6653786A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "365F50C3-05F7-41A3-AE93-366DBBC829B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D440EFA-606A-402D-8F12-86E5B9C03CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23D6BE6E-A13F-48B2-9813-8C0C94C8E2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DB117C-E330-4CFE-B4E0-3C39A3DF1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F50EACAA-54D7-4C15-87A2-BD68C222446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74CDAFF6-C979-466C-914D-E6C03200C051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E4581490-B665-407C-BEB9-51F1266A4ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EC20F93E-F83E-4625-B79D-CCE49D43E9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0F3638-4F2E-4790-AFA9-C68C2F298A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F18FE5BE-A80B-4858-9E4F-E25C693F4B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "35CBBD56-B8F4-4639-A199-088150983204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E535C1-E27B-4BC8-9576-5634D57137DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "544983E1-C794-4BEA-9F5B-C43DD9967496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29F4FADC-F1AE-429B-9C81-EB0373CAD9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "86A85DD3-CD6E-49CA-85E3-2D733AAD3BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A2CE64-2A51-4C71-BC28-74DBB172BED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0009552C-46FF-4B1F-9E07-3F255099516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2B787DC2-6AF4-468A-8ABF-CB2C0E7ABD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "58467667-01C0-456C-8A01-B0426F460BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "35A7CF02-B9AB-4CDE-A2ED-6C4FB423045A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5890B71-6E21-4BE0-8C02-B69C8D55BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "75E151B2-986C-4071-B430-3C6B12F73490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "67934660-AECE-4C3E-BFE8-3C884237F360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D120EC81-8FD3-44B6-9483-993EBC894D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BA274B0E-5784-4DA6-9FA4-B629BAA0B699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "C0969BF3-3DB1-4514-A5BA-7D173E4B85E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C30DD440-C0DD-495B-AC2D-5A62EF46020A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "C7B95B77-00EB-4BB5-A4E7-F1234394A262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "DD066CC3-2572-4370-8953-BE75F0997B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "DC20291B-6607-4829-A98D-404F57C1CBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "1306121B-6D16-4869-B85F-61587521DB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "5122D98D-FB78-4D7A-9CD0-146F29D0C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "07E98A35-9E6B-4C63-A5DC-F4EC70A063D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "709A8ECE-7796-4253-8E8D-4438282613F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "E0EE77EB-2EBE-4FFD-B230-447D730DABF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "D27AD41E-6488-4A22-922E-C301DB01B9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "D0CA05C1-D5A2-4EA9-8F9E-3910D28DE9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "87167BC5-61EC-41BF-9552-9E6E3C7C2950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "D83007B4-0EA5-4905-81EE-4D5A40F0E26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "2D65264B-3A14-4EB7-A983-EB952704689D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta27:*:*:*:*:*:*",
"matchCriteriaId": "F148DF79-D34F-4BA6-A937-DB3F768846A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta28:*:*:*:*:*:*",
"matchCriteriaId": "9B97731D-8441-4AC3-9EB7-77DACBF74EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta29:*:*:*:*:*:*",
"matchCriteriaId": "6D58527F-7F7D-49E3-8428-205C5668885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "D252D3FB-A5E1-4390-AC6C-34AC2A05BB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta30:*:*:*:*:*:*",
"matchCriteriaId": "5E021DF8-48EB-4818-AC5B-DE9EFD5E588D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta31:*:*:*:*:*:*",
"matchCriteriaId": "09440DC9-4248-40EA-A25B-057E7F24A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta32:*:*:*:*:*:*",
"matchCriteriaId": "6F9DC4F8-C1B5-40E1-83D7-83939A8C4C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta33:*:*:*:*:*:*",
"matchCriteriaId": "D7516A5A-764B-464B-930A-8B9CF7DD72AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta34:*:*:*:*:*:*",
"matchCriteriaId": "1C8B2042-9733-41C3-B36C-D411348EAA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta35:*:*:*:*:*:*",
"matchCriteriaId": "C8574393-4DB4-4F93-A854-DC91F056029D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta36:*:*:*:*:*:*",
"matchCriteriaId": "8369EF73-E83E-4AD8-904C-9FD4C2C251ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta37:*:*:*:*:*:*",
"matchCriteriaId": "A53D8B2E-1EA8-43EE-B8BC-8D2BAF828DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta38:*:*:*:*:*:*",
"matchCriteriaId": "08745BAA-FCD1-4989-B142-7B5F92A575C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta39:*:*:*:*:*:*",
"matchCriteriaId": "3E1C5323-4572-455F-8674-8410FD325BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9804017C-141B-4666-926A-1F8708DCE5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta40:*:*:*:*:*:*",
"matchCriteriaId": "8F602A9E-0EBB-4F66-A197-71CE224A15EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta41:*:*:*:*:*:*",
"matchCriteriaId": "48AB6EA9-5C0A-4D15-A45D-A40CC04E94E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta42:*:*:*:*:*:*",
"matchCriteriaId": "8CD705AB-9D86-4545-BB42-105516CB532A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta43:*:*:*:*:*:*",
"matchCriteriaId": "F8D62C69-43B3-486F-9ABD-2862489D4B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta44:*:*:*:*:*:*",
"matchCriteriaId": "0627AF2E-BFD1-4CBF-A1C5-3945ECDF22FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta45:*:*:*:*:*:*",
"matchCriteriaId": "464207FE-0212-49B3-B9A6-9798C4520395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta46:*:*:*:*:*:*",
"matchCriteriaId": "194B19A6-4937-4D79-A948-C0C810990532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta47:*:*:*:*:*:*",
"matchCriteriaId": "5E8703C1-0753-4EA9-BA9D-59FD9016A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta48:*:*:*:*:*:*",
"matchCriteriaId": "345A7C6E-C6A9-4719-A2FF-46D3BADBBCB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta49:*:*:*:*:*:*",
"matchCriteriaId": "2A74F1C1-5CA4-4148-A975-6E9AB1F4AACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "ED922251-7351-42A7-9D60-D323D6DE06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta50:*:*:*:*:*:*",
"matchCriteriaId": "82B8B4B2-DFAF-4DD3-9B9E-540F4459BC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta51:*:*:*:*:*:*",
"matchCriteriaId": "B598E10C-BFB2-4B2B-B9E4-FC55CD9848E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta52:*:*:*:*:*:*",
"matchCriteriaId": "C815EA2B-C08F-4476-8A82-1F02CE881989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta53:*:*:*:*:*:*",
"matchCriteriaId": "D86A2C67-C494-432F-9CE5-232C5F5F82A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta54:*:*:*:*:*:*",
"matchCriteriaId": "03C8B021-A346-40DC-8399-970CF07D7949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta55:*:*:*:*:*:*",
"matchCriteriaId": "1A1DF42C-614D-487F-BFCF-8B07A3A14F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta56:*:*:*:*:*:*",
"matchCriteriaId": "A62223B3-335F-47B1-B0BD-CA3BE0457FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta57:*:*:*:*:*:*",
"matchCriteriaId": "6F943380-7AE9-4A87-84CE-454F0F8FE7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta58:*:*:*:*:*:*",
"matchCriteriaId": "7C6C152F-E1F5-4D36-9F03-A213F7666F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta59:*:*:*:*:*:*",
"matchCriteriaId": "6CA57460-890D-41A5-AFBA-24E5B4FCADBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "3A04E8DC-7569-45EE-929A-CF8F48982DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta60:*:*:*:*:*:*",
"matchCriteriaId": "838B897C-C055-404A-BB3F-0AA7EEB00BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta61:*:*:*:*:*:*",
"matchCriteriaId": "D03CC0B5-281C-4A43-95BA-E57F487D8199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta62:*:*:*:*:*:*",
"matchCriteriaId": "1EB215AD-3F88-4CD9-BAAD-EF4237E4CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta63:*:*:*:*:*:*",
"matchCriteriaId": "25352328-12FB-4DA3-8247-380D22032737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta64:*:*:*:*:*:*",
"matchCriteriaId": "D1471F94-B9A5-476F-9C08-564BFAC86DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta65:*:*:*:*:*:*",
"matchCriteriaId": "B50099CD-6B5E-4AFE-94D2-35E3D7ABA489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta66:*:*:*:*:*:*",
"matchCriteriaId": "C22E003E-AAEF-41C0-8A35-C05DF43422AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta67:*:*:*:*:*:*",
"matchCriteriaId": "2D15D973-75B0-4C5D-896F-5F8509AA2812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta68:*:*:*:*:*:*",
"matchCriteriaId": "B42548D3-8933-49A9-AABE-D4B0A8E6CF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "A70E927D-11DE-4705-8235-464938CB57E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2BFB4567-3055-4A2F-8CF3-A5AFE523D454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "285649DA-99BB-4A61-9F55-D44A58F3F197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC90230A-7C5B-4DF3-8009-DD7C67E0F2DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D452B15-3B1F-4F91-960E-A1A9C464C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D6599E-2190-4063-A653-80666FE53887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9FDB6-2144-4D66-943E-ABCAC172FE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDBF92F-942B-4C5E-9B93-5B68837ABD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD0EE76-1FE1-4699-B63B-00DE4A27ACA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "666650A5-889F-4F53-A84F-F2B2C6AAFEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2351390C-89C4-4160-A1FC-CD2C5379B64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D660454E-D195-42AA-B39A-4B56F1B593E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "639B1108-DD76-4177-AD59-4C8B93515A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "501DB859-06E9-42E3-AA21-A805118C5482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E6772-F8EA-4D55-BFC9-A9838C5DD7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "30542C0F-83ED-4CB6-8B77-EFAD4635D254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "25AFF08F-BEF2-4C5C-A45F-7D48B6B306D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "53B96FBC-C880-42DB-9617-986189AF4F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B48585-AA80-4B69-9BE1-46C47FF1EC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "52C59ECC-97EA-4C1B-87BF-9C5C9C960507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7263749C-90CD-4535-8BA6-FB766C87EE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A042F2B3-3AC6-49A4-AC80-45C65C4EDEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3164405B-030E-4505-992C-BB26498C5674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "694B570D-48D8-4657-A5B5-F3EEDBBD91B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "20C3AD09-9A40-4408-938C-6254DC9FE43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "61346DA4-3504-46C2-B9F5-F03926D213DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "EB59AE36-3EE3-4CA9-8CBA-CD37E93CEED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B6178CA6-3728-4346-8F0B-DFA599304091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1C8AD0-73C8-4A3A-AF37-CDDD5C37E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "00D036EF-C311-40C0-AB99-5FFE23E5AB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA0E3BE-376F-4E83-AA0F-4723FEF9684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3B99C694-B54C-42D3-A6E2-A2AC4EC26BAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E18066-AF64-4071-A860-1640CB03B86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5BD95F-4999-4C62-947E-D7247E2B0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "6B682845-7676-4309-BCEC-B6217EE07211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "0F18EEBB-46C7-4D36-BA47-A5701F278303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
},
{
"lang": "es",
"value": "La funci\u00f3n PageListSort en los ficheros scripts/pagelist.php en PmWiki v2.x anteriores a v2.2.35, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de secuencias PHP en un par\u00e1metro manipulado en una directiva pagelist, que conducen a un uso inadecuado de la funci\u00f3n create_function PHP."
}
],
"id": "CVE-2011-4453",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-22T15:29:20.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4748
Vulnerability from fkie_nvd - Published: 2011-03-01 22:00 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3164405B-030E-4505-992C-BB26498C5674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en pmwiki.php de PmWiki 2.2.20. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro from de Main/WikiSandbox. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes."
}
],
"id": "CVE-2010-4748",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-01T22:00:01.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42608"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8113"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1481
Vulnerability from fkie_nvd - Published: 2010-05-12 11:46 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "53B96FBC-C880-42DB-9617-986189AF4F96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n de tabla en PmWiki v2.2.15 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del atributo de ancho (width)."
}
],
"id": "CVE-2010-1481",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-12T11:46:31.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39698"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4453
Vulnerability from fkie_nvd - Published: 2006-08-30 16:04 - Updated: 2026-04-16 00:27
Severity
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pmwiki | pmwiki | 2.1.0 | |
| pmwiki | pmwiki | 2.1.1 | |
| pmwiki | pmwiki | 2.1.2 | |
| pmwiki | pmwiki | 2.1.3 | |
| pmwiki | pmwiki | 2.1.4 | |
| pmwiki | pmwiki | 2.1.5 | |
| pmwiki | pmwiki | 2.1.6 | |
| pmwiki | pmwiki | 2.1.7 | |
| pmwiki | pmwiki | 2.1.8 | |
| pmwiki | pmwiki | 2.1.9 | |
| pmwiki | pmwiki | 2.1.10 | |
| pmwiki | pmwiki | 2.1.11 | |
| pmwiki | pmwiki | 2.1.12 | |
| pmwiki | pmwiki | 2.1.13 | |
| pmwiki | pmwiki | 2.1.14 | |
| pmwiki | pmwiki | 2.1.15 | |
| pmwiki | pmwiki | 2.1.16 | |
| pmwiki | pmwiki | 2.1.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F0FD1-2CAB-4E05-AF19-79D3E5B5F681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "96773E69-5182-4046-B29C-7BEF6653786A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "365F50C3-05F7-41A3-AE93-366DBBC829B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D440EFA-606A-402D-8F12-86E5B9C03CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23D6BE6E-A13F-48B2-9813-8C0C94C8E2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D5DB117C-E330-4CFE-B4E0-3C39A3DF1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F50EACAA-54D7-4C15-87A2-BD68C222446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74CDAFF6-C979-466C-914D-E6C03200C051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E4581490-B665-407C-BEB9-51F1266A4ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EC20F93E-F83E-4625-B79D-CCE49D43E9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0F3638-4F2E-4790-AFA9-C68C2F298A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F18FE5BE-A80B-4858-9E4F-E25C693F4B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en PmWiki anterior a 2.1.18 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados que abarcan \"tabla de markups\"."
}
],
"id": "CVE-2006-4453",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-30T16:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21667"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28268"
},
{
"source": "cve@mitre.org",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2840
Vulnerability from fkie_nvd - Published: 2006-06-06 20:06 - Updated: 2026-04-16 00:27
Severity
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pmwiki | pmwiki | * | |
| pmwiki | pmwiki | 2.0.0 | |
| pmwiki | pmwiki | 2.0.1 | |
| pmwiki | pmwiki | 2.0.2 | |
| pmwiki | pmwiki | 2.0.3 | |
| pmwiki | pmwiki | 2.0.4 | |
| pmwiki | pmwiki | 2.0.5 | |
| pmwiki | pmwiki | 2.0.6 | |
| pmwiki | pmwiki | 2.0.7 | |
| pmwiki | pmwiki | 2.0.8 | |
| pmwiki | pmwiki | 2.0.9 | |
| pmwiki | pmwiki | 2.0.10 | |
| pmwiki | pmwiki | 2.0.11 | |
| pmwiki | pmwiki | 2.0.12 | |
| pmwiki | pmwiki | 2.0.13 | |
| pmwiki | pmwiki | 2.1.0 | |
| pmwiki | pmwiki | 2.1.1 | |
| pmwiki | pmwiki | 2.1.2 | |
| pmwiki | pmwiki | 2.1.3 | |
| pmwiki | pmwiki | 2.1.4 | |
| pmwiki | pmwiki | 2.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5BA5BF-4641-46B5-9413-A77D612D1D98",
"versionEndIncluding": "2.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7B142168-A959-4593-9910-D50E738B0AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4D6FF4-E09A-4369-A17A-99375006E927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70B6CC82-DA0C-4951-AACF-FA5474F7243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56A679D6-5261-4351-BD09-8975BAA44927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4FC7BC-0253-4A44-925E-57289B7BB944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E80F47F-D848-4FE9-9030-AFDF992F31B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578735E1-72AC-4607-ADB2-FBAEE7B90087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "728FE60F-DC52-46B0-B718-4E7F1535AA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nPmWiki, PmWiki, 2.1.7",
"id": "CVE-2006-2840",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-06T20:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20386"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0479
Vulnerability from fkie_nvd - Published: 2006-01-31 11:03 - Updated: 2026-04-16 00:27
Severity
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.1_beta_20:*:*:*:*:*:*:*",
"matchCriteriaId": "E219340F-4FBB-471C-B751-8BA79C67BFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"id": "CVE-2006-0479",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-31T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18634"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015550"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3849
Vulnerability from fkie_nvd - Published: 2005-11-27 00:03 - Updated: 2026-04-16 00:27
Severity
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5AD912C-2B2E-4EF9-B797-D03212A999BE",
"versionEndIncluding": "2.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD728C-520B-4B33-95D7-C0D707C9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37757C05-8BDD-4C3F-9AA2-42D82E144804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFDB074-6C50-4B59-8FA9-17888551AE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DCC295-2936-434F-972F-2A88FB39669C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6EBCCD-40A4-4FD1-B8EC-A5CC1EA93FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917B98DC-FDA0-4876-8730-354615D90928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F85DBC-9447-4826-BB17-6C19EDBBB581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD57B98-0EC2-4AFA-BE94-1774B98781A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E38076A-69A6-42D0-A563-9A01F979CD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDC77-46E2-45DA-A08F-7134B0F550B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D649269D-7AB9-4791-8BE6-CF29CF553103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pmwiki:pmwiki:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C169E-480C-4208-8627-894F10C2FFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"id": "CVE-2005-3849",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-27T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17707"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/201"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/21056"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/21056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2532"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-4662 (GCVE-0-2010-4662)
Vulnerability from cvelistv5 – Published: 2020-02-05 18:13 – Updated: 2024-08-07 03:51
VLAI
Summary
PmWiki before 2.2.21 has XSS.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2010-4662 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pmwiki",
"vendor": "pmwiki",
"versions": [
{
"status": "affected",
"version": "before 2.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:13:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pmwiki",
"version": {
"version_data": [
{
"version_value": "before 2.2.21"
}
]
}
}
]
},
"vendor_name": "pmwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PmWiki before 2.2.21 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2010-4662",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/02/23/23",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4662",
"datePublished": "2020-02-05T18:13:22.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4453 (GCVE-0-2011-4453)
Vulnerability from cvelistv5 – Published: 2011-12-22 15:00 – Updated: 2024-09-16 19:51
VLAI
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18243/ | exploitx_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/18149/ | exploitx_refsource_EXPLOIT-DB |
| http://www.pmwiki.org/wiki/PITS/01271 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18243",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"name": "http://www.pmwiki.org/wiki/PITS/01271",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4453",
"datePublished": "2011-12-22T15:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4748 (GCVE-0-2010-4748)
Vulnerability from cvelistv5 – Published: 2011-03-01 21:00 – Updated: 2024-08-07 03:55
VLAI
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://marc.info/?l=full-disclosure&m=12923447322… | mailing-listx_refsource_FULLDISC |
| http://securityreason.com/securityalert/8113 | third-party-advisoryx_refsource_SREASON |
| http://packetstormsecurity.org/files/view/96687/p… | x_refsource_MISC |
| http://secunia.com/advisories/42608 | third-party-advisoryx_refsource_SECUNIA |
| http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes | x_refsource_CONFIRM |
Date Public
2010-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8113"
},
{
"name": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42608"
},
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4748",
"datePublished": "2011-03-01T21:00:00.000Z",
"dateReserved": "2011-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:55:35.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1481 (GCVE-0-2010-1481)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 01:28
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/39994 | vdb-entryx_refsource_BID |
| http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html | x_refsource_MISC |
| http://secunia.com/advisories/39698 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/511177/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"name": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1481",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4453 (GCVE-0-2006-4453)
Vulnerability from cvelistv5 – Published: 2006-08-30 15:00 – Updated: 2024-08-07 19:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmichaud.com/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.osvdb.org/28268 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21667 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19747 | vdb-entryx_refsource_BID |
Date Public
2006-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4453",
"datePublished": "2006-08-30T15:00:00.000Z",
"dateReserved": "2006-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2840 (GCVE-0-2006-2840)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2084 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20386 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2840",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0479 (GCVE-0-2006-0479)
Vulnerability from cvelistv5 – Published: 2006-01-31 11:00 – Updated: 2024-08-07 16:34
VLAI
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18634 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ush.it/2006/01/24/pmwiki-multiple-vuln… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1015550 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/16421 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0375 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18634"
},
{
"name": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0479",
"datePublished": "2006-01-31T11:00:00.000Z",
"dateReserved": "2006-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3849 (GCVE-0-2005-3849)
Vulnerability from cvelistv5 – Published: 2005-11-27 00:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/201 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2005/2532 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17707 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15539 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/417432/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/21056 | vdb-entryx_refsource_OSVDB |
| http://moritz-naumann.com/adv/0005/pmwiki/0005.txt | x_refsource_MISC |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21056"
},
{
"name": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3849",
"datePublished": "2005-11-27T00:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4662 (GCVE-0-2010-4662)
Vulnerability from nvd – Published: 2020-02-05 18:13 – Updated: 2024-08-07 03:51
VLAI
Summary
PmWiki before 2.2.21 has XSS.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2010-4662 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pmwiki",
"vendor": "pmwiki",
"versions": [
{
"status": "affected",
"version": "before 2.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:13:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pmwiki",
"version": {
"version_data": [
{
"version_value": "before 2.2.21"
}
]
}
}
]
},
"vendor_name": "pmwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PmWiki before 2.2.21 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2010-4662",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/02/23/23",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4662",
"datePublished": "2020-02-05T18:13:22.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4453 (GCVE-0-2011-4453)
Vulnerability from nvd – Published: 2011-12-22 15:00 – Updated: 2024-09-16 19:51
VLAI
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18243/ | exploitx_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/18149/ | exploitx_refsource_EXPLOIT-DB |
| http://www.pmwiki.org/wiki/PITS/01271 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18243",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"name": "http://www.pmwiki.org/wiki/PITS/01271",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4453",
"datePublished": "2011-12-22T15:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4748 (GCVE-0-2010-4748)
Vulnerability from nvd – Published: 2011-03-01 21:00 – Updated: 2024-08-07 03:55
VLAI
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://marc.info/?l=full-disclosure&m=12923447322… | mailing-listx_refsource_FULLDISC |
| http://securityreason.com/securityalert/8113 | third-party-advisoryx_refsource_SREASON |
| http://packetstormsecurity.org/files/view/96687/p… | x_refsource_MISC |
| http://secunia.com/advisories/42608 | third-party-advisoryx_refsource_SECUNIA |
| http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes | x_refsource_CONFIRM |
Date Public
2010-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8113"
},
{
"name": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42608"
},
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4748",
"datePublished": "2011-03-01T21:00:00.000Z",
"dateReserved": "2011-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:55:35.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1481 (GCVE-0-2010-1481)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 01:28
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/39994 | vdb-entryx_refsource_BID |
| http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html | x_refsource_MISC |
| http://secunia.com/advisories/39698 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/511177/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"name": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1481",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4453 (GCVE-0-2006-4453)
Vulnerability from nvd – Published: 2006-08-30 15:00 – Updated: 2024-08-07 19:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmichaud.com/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.osvdb.org/28268 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21667 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19747 | vdb-entryx_refsource_BID |
Date Public
2006-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4453",
"datePublished": "2006-08-30T15:00:00.000Z",
"dateReserved": "2006-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2840 (GCVE-0-2006-2840)
Vulnerability from nvd – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2084 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20386 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2840",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0479 (GCVE-0-2006-0479)
Vulnerability from nvd – Published: 2006-01-31 11:00 – Updated: 2024-08-07 16:34
VLAI
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18634 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ush.it/2006/01/24/pmwiki-multiple-vuln… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1015550 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/16421 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0375 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18634"
},
{
"name": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0479",
"datePublished": "2006-01-31T11:00:00.000Z",
"dateReserved": "2006-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3849 (GCVE-0-2005-3849)
Vulnerability from nvd – Published: 2005-11-27 00:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/201 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2005/2532 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17707 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15539 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/417432/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/21056 | vdb-entryx_refsource_OSVDB |
| http://moritz-naumann.com/adv/0005/pmwiki/0005.txt | x_refsource_MISC |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21056"
},
{
"name": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3849",
"datePublished": "2005-11-27T00:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}