Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-09-25
Updated
2017-08-29
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
Max CVSS
8.3
EPSS Score
0.18%
Published
2007-05-11
Updated
2013-08-30
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-05-11
Updated
2012-11-06
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
Max CVSS
5.0
EPSS Score
1.00%
Published
2007-05-09
Updated
2011-06-16
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Max CVSS
4.3
EPSS Score
0.64%
Published
2007-05-09
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.
Max CVSS
6.8
EPSS Score
1.77%
Published
2007-02-24
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
Max CVSS
4.3
EPSS Score
0.32%
Published
2005-12-15
Updated
2011-03-08
7 vulnerabilities found