CVE-2011-4453

Public exploit
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Max CVSS
7.5
EPSS Score
88.95%
Published
2011-12-22
Updated
2012-01-12
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.38%
Published
2011-03-01
Updated
2011-09-22
PmWiki before 2.2.21 has XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-02-05
Updated
2020-02-06
Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.
Max CVSS
3.5
EPSS Score
0.11%
Published
2010-05-12
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
Max CVSS
4.3
EPSS Score
0.29%
Published
2006-08-30
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Max CVSS
6.8
EPSS Score
0.53%
Published
2006-06-06
Updated
2017-07-20
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Max CVSS
4.3
EPSS Score
0.71%
Published
2006-01-31
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Max CVSS
4.3
EPSS Score
0.94%
Published
2005-11-27
Updated
2018-10-19
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!