cbcvebase.

Jspwiki vulnerabilities

7 known vulnerabilities affecting jspwiki/jspwiki.

Total CVEs
7
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2008-1230P2CRITICALCVSS 9.3PoCv2.4.104v2.5.139+1 more2008-03-10
CVE-2008-1230 [CRITICAL] CWE-264 CVE-2008-1230: Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upl Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
nvd
CVE-2008-1231P3CRITICALCVSS 9.3PoCv2.4.104v2.5.139+1 more2008-03-10
CVE-2008-1231 [CRITICAL] CWE-22 CVE-2008-1231: Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.
nvd
CVE-2007-5120P4MEDIUMCVSS 4.3PoCv2.4.103v2.5.139-beta2007-09-27
CVE-2007-5120 [MEDIUM] CWE-79 CVE-2007-5120: Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (
nvd
CVE-2008-1229P4MEDIUMCVSS 4.3PoCv2.4.104v2.5.139+1 more2008-03-10
CVE-2008-1229 [MEDIUM] CVE-2008-1229: Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote at Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
nvd
CVE-2004-1544P4MEDIUMCVSS 4.3v2.1.120v2.1.121+1 more2004-12-31
CVE-2004-1544 [MEDIUM] CVE-2004-1544: Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows rem Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
nvd
CVE-2007-5121P4MEDIUMCVSS 4.3v2.5.139-beta2007-09-27
CVE-2007-5121 [MEDIUM] CWE-79 CVE-2007-5121: Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject a Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components.
nvd
CVE-2007-5119P4MEDIUMCVSS 4.3v2.4.103v2.5.139-beta2007-09-27
CVE-2007-5119 [MEDIUM] CWE-20 CVE-2007-5119: JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/.
nvd
Jspwiki vulnerabilities | cvebase