Ikiwiki 'htmlscrubber' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed Ikiwiki and is prone to Cross Site Scripting vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary script code, in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to ikiwiki version 2.53.5 or 3.20100312 http://ikiwiki.info/download/

Insight

The flaw is caused by an input validation error in the htmlscrubber component when processing 'data:image/svg+xml' URIs.

Affected

ikiwiki versions 2.x through 2.53.4 and 3.x through 3.20100311

References

http://secunia.com/advisories/38983
http://www.vupen.com/english/advisories/2010/0662

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1195

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities