|
|
Log in / Subscribe / Register

ikiwiki: cross-site scripting

Package(s):ikiwiki CVE #(s):CVE-2011-1401
Created:April 11, 2011 Updated:April 22, 2011
Description: From the Debian advisory:

Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or replace the default stylesheet, and thus conduct cross-site scripting attacks.

Alerts:
Debian DSA-2214-1 ikiwiki 2011-04-08
Fedora FEDORA-2011-5173 ikiwiki 2011-04-11
Fedora FEDORA-2011-5180 ikiwiki 2011-04-11
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds