Summary
The remote host is missing an update to ikiwiki
announced via advisory DSA 2474-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202474-1
Insight
R Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
For the stable distribution (squeeze), this problem has been fixed in version 3.20100815.9.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 3.20120516.
We recommend that you upgrade your ikiwiki packages.
Severity
Classification
-
CVE CVE-2012-0220 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities