Skip to main content

Foswiki

5 CVEs product

Monthly

CVE-2026-2861 MEDIUM PATCH This Month

Information disclosure in Foswiki versions up to 2.1.10 allows unauthenticated remote attackers to access sensitive data through the Changes/Viewfile/Oops component. Public exploit code exists for this vulnerability. Upgrading to version 2.1.11 or later resolves the issue.

Information Disclosure Foswiki
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-33756 HIGH POC This Week

An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foswiki
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24698 HIGH PATCH This Week

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Foswiki
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2012-6330 MEDIUM POC THREAT This Month

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

Denial Of Service Twiki Foswiki
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
73.3%
Threat
4.7
CVE-2012-1004 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Foswiki
NVD
CVSS 2.0
2.1
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Information disclosure in Foswiki versions up to 2.1.10 allows unauthenticated remote attackers to access sensitive data through the Changes/Viewfile/Oops component. Public exploit code exists for this vulnerability. Upgrading to version 2.1.11 or later resolves the issue.

Information Disclosure Foswiki
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foswiki
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Foswiki
NVD
EPSS 73% 4.7 CVSS 5.0
MEDIUM POC THREAT This Month

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

Denial Of Service Twiki Foswiki
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Foswiki
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy