Search criteria
8 vulnerabilities by pmwiki
CVE-2010-4662 (GCVE-0-2010-4662)
Vulnerability from cvelistv5 – Published: 2020-02-05 18:13 – Updated: 2024-08-07 03:51
VLAI
Summary
PmWiki before 2.2.21 has XSS.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2010-4662 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:18.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pmwiki",
"vendor": "pmwiki",
"versions": [
{
"status": "affected",
"version": "before 2.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PmWiki before 2.2.21 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:13:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pmwiki",
"version": {
"version_data": [
{
"version_value": "before 2.2.21"
}
]
}
}
]
},
"vendor_name": "pmwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PmWiki before 2.2.21 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2010-4662",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2010-4662"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/02/23/23",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/02/23/23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4662",
"datePublished": "2020-02-05T18:13:22.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:18.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4453 (GCVE-0-2011-4453)
Vulnerability from cvelistv5 – Published: 2011-12-22 15:00 – Updated: 2024-09-16 19:51
VLAI
Summary
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18243/ | exploitx_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/18149/ | exploitx_refsource_EXPLOIT-DB |
| http://www.pmwiki.org/wiki/PITS/01271 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18243",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18243",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18243/"
},
{
"name": "18149",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18149/"
},
{
"name": "http://www.pmwiki.org/wiki/PITS/01271",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PITS/01271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4453",
"datePublished": "2011-12-22T15:00:00.000Z",
"dateReserved": "2011-11-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4748 (GCVE-0-2010-4748)
Vulnerability from cvelistv5 – Published: 2011-03-01 21:00 – Updated: 2024-08-07 03:55
VLAI
Summary
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://marc.info/?l=full-disclosure&m=12923447322… | mailing-listx_refsource_FULLDISC |
| http://securityreason.com/securityalert/8113 | third-party-advisoryx_refsource_SREASON |
| http://packetstormsecurity.org/files/view/96687/p… | x_refsource_MISC |
| http://secunia.com/advisories/42608 | third-party-advisoryx_refsource_SECUNIA |
| http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes | x_refsource_CONFIRM |
Date Public
2010-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "20101214 xss in PmWiki",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129234473228351\u0026w=2"
},
{
"name": "8113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8113"
},
{
"name": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt"
},
{
"name": "42608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42608"
},
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4748",
"datePublished": "2011-03-01T21:00:00.000Z",
"dateReserved": "2011-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:55:35.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1481 (GCVE-0-2010-1481)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 01:28
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/39994 | vdb-entryx_refsource_BID |
| http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html | x_refsource_MISC |
| http://secunia.com/advisories/39698 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/511177/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39994"
},
{
"name": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html"
},
{
"name": "39698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39698"
},
{
"name": "20100507 pmwiki: persistent cross site scripting (XSS), CVE-2010-1481",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511177/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1481",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4453 (GCVE-0-2006-4453)
Vulnerability from cvelistv5 – Published: 2006-08-30 15:00 – Updated: 2024-08-07 19:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmichaud.com/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.osvdb.org/28268 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21667 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19747 | vdb-entryx_refsource_BID |
Date Public
2006-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving \"table markups\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmichaud.com/wiki/PmWiki/ChangeLog"
},
{
"name": "28268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28268"
},
{
"name": "21667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21667"
},
{
"name": "19747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4453",
"datePublished": "2006-08-30T15:00:00.000Z",
"dateReserved": "2006-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2840 (GCVE-0-2006-2840)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.pmwiki.org/wiki/PmWiki/ChangeLog | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2084 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/20386 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) \"url links\" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.pmwiki.org/wiki/PmWiki/ChangeLog"
},
{
"name": "ADV-2006-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2084"
},
{
"name": "20386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20386"
},
{
"name": "pmwiki-uploads-xss(26827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2840",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0479 (GCVE-0-2006-0479)
Vulnerability from cvelistv5 – Published: 2006-01-31 11:00 – Updated: 2024-08-07 16:34
VLAI
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18634 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ush.it/2006/01/24/pmwiki-multiple-vuln… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1015550 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/16421 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0375 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18634"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 PmWiki Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html"
},
{
"name": "pmwiki-multiple-xss(24368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24368"
},
{
"name": "18634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18634"
},
{
"name": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/"
},
{
"name": "pmwiki-file-include(24367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24367"
},
{
"name": "1015550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015550"
},
{
"name": "16421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16421"
},
{
"name": "ADV-2006-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0375"
},
{
"name": "pmwiki-path-disclosure(24366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0479",
"datePublished": "2006-01-31T11:00:00.000Z",
"dateReserved": "2006-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3849 (GCVE-0-2005-3849)
Vulnerability from cvelistv5 – Published: 2005-11-27 00:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/201 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2005/2532 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/17707 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15539 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/417432/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/21056 | vdb-entryx_refsource_OSVDB |
| http://moritz-naumann.com/adv/0005/pmwiki/0005.txt | x_refsource_MISC |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21056"
},
{
"name": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3849",
"datePublished": "2005-11-27T00:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}