Foswiki

foswiki

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2861 1Foswiki 1Foswiki Mar 16, 2026 Feb 21, 2026 5.5 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the a...Show more A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.Show less
CVE-2023-33756 1Foswiki 1Foswiki Nov 21, 2024 Aug 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
CVE-2023-24698 1Foswiki 1Foswiki Nov 21, 2024 Aug 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
CVE-2013-1666 1Foswiki 1Foswiki Nov 21, 2024 Nov 1, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.
CVE-2012-6330 2Foswiki Twiki 2Foswiki Twiki Apr 29, 2026 Jan 4, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT...Show more The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.Show less
CVE-2012-1004 1Foswiki 1Foswiki Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName...Show more Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2010-4215 1Foswiki 1Foswiki Apr 29, 2026 Nov 17, 2010 N/A· v4 N/A· v3 6.5 MEDIUM· v2 UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.
CVE-2009-1434 1Foswiki 1Foswiki Apr 23, 2026 Apr 30, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group membersh...Show more Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.Show less