Edgewall Software Trac — known CVE vulnerabilities
Every CVE whose affected-product data names Edgewall Software Trac, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2007-1406 — CVSS 10.0 (critical): Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has…
CVE-2006-5878 — CVSS 7.5 (high): Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions…
CVE-2005-3980 — CVSS 7.5 (high): SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute…
CVE-2005-4065 — CVSS 7.5 (high): SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands…
CVE-2006-3695 — CVSS 6.8 (medium): Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText)…
CVE-2005-2147 — CVSS 6.4 (medium): Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or…
CVE-2005-2007 — CVSS 6.4 (medium): Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot…
CVE-2008-3328 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or…
CVE-2005-4305 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or…
CVE-2005-4644 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web…
CVE-2006-2106 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script…
CVE-2007-1405 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet…