Download
| Alert*
|
oval:org.secpod.oval:def:600808
Raul Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks. oval:org.secpod.oval:def:600229 Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or replace ... oval:org.secpod.oval:def:1901242 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method , which can be abused to lead to commit metadata forgery. oval:org.secpod.oval:def:1901472 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin"s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. |
