CVE-2013-5586

Cross-site scripting XSS vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/...

WikkaWiki vulnerable to cross-site scripting

Overview WikkaWiki contains a cross-site scripting vulnerability. WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

CVE-2007-2613

WikkaWiki Wikka Wiki before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKACONFIG environment variable...

CVE-2007-2612

The CVE affects WikkaWiki (Wikka Wiki) where the libs/Wakka.class.php component is vulnerable to SQL injection. Versions prior to 1.1.6.3 allow remote attackers to execute arbitrary SQL commands via the limit parameter, with impact on confidentiality, integrity, and availability noted as Partial....

CVE-2007-2551

CVE-2007-2551 affects WikkaWiki (Wikka Wiki) prior to 1.1.6.3. The vulnerability is a Cross-Site Scripting (XSS) in usersettings.php that allows remote attackers to inject arbitrary web script or HTML via the name parameter. Impact is consistent with an XSS in the name field, enabling script exec...

CVE-2006-7049

CVE-2006-7049 affects WikkaWiki prior to 1.1.6.2. The Method() in wikka.php calls strstr and strrpos with arguments in the wrong order, which can bypass access restrictions and allow remote attackers to access arbitrary PHP files. Public references also describe it as a local file inclusion vulne...

CVE-2006-7050

WikkaWiki (Wikka Wiki) prior to 1.1.6.2 contains a Cross‑site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary JavaScript through (1) events in forced links (url parameter) not properly sanitized in formatters/wakka.php and possibly (2) other vectors in wikka.p...