Known Vulnerabilities for products from Ikiwiki

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Ikiwiki".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2019-9187 | ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also i... | 7.5 - HIGH | 2019-06-05 | 2019-07-17 |
| CVE-2017-0356 | A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilde... | 9.8 - CRITICAL | 2018-04-13 | 2018-05-18 |
| CVE-2016-10026 | ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and ... | Not Provided | 2017-02-13 | 2025-04-20 |
| CVE-2016-9646 | ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bu... | 5.3 - MEDIUM | 2018-04-13 | 2018-05-18 |
| CVE-2016-9645 | The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git v... | 6.5 - MEDIUM | 2018-04-10 | 2018-05-22 |
| CVE-2016-4561 | Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote a... | Not Provided | 2016-05-10 | 2026-05-06 |
| CVE-2015-2793 | Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attacke... | 6.1 - MEDIUM | 2019-11-21 | 2023-11-07 |
| CVE-2012-0220 | Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow re... | Not Provided | 2012-05-29 | 2026-04-29 |
| CVE-2011-1408 | ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | 8.2 - HIGH | 2019-10-29 | 2020-08-18 |
| CVE-2011-1401 | ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta styles... | Not Provided | 2011-04-11 | 2026-04-29 |
| CVE-2011-0428 | Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to in... | 6.1 - MEDIUM | 2019-10-29 | 2019-11-01 |
| CVE-2010-1673 | A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web scrip... | 6.1 - MEDIUM | 2019-10-30 | 2019-10-31 |
| CVE-2010-1195 | Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312... | Not Provided | 2010-03-31 | 2026-04-29 |
| CVE-2009-2944 | Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-depe... | Not Provided | 2009-08-31 | 2026-04-23 |
| CVE-2008-0809 | Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbit... | Not Provided | 2008-02-19 | 2026-04-23 |
| CVE-2008-0808 | Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitr... | Not Provided | 2008-02-19 | 2026-04-23 |
| CVE-2008-0169 | Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentic... | Not Provided | 2008-06-03 | 2026-04-23 |
| CVE-2008-0165 | Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, in... | Not Provided | 2008-04-21 | 2026-04-23 |

Known software with vulnerabilities from Ikiwiki

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Ikiwiki | Ikiwiki | 1.0 |
© CVE.report 2026
