Published: 19/02/2008 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki prior to 1.1.47 allows remote malicious users to inject arbitrary web script or HTML via meta tags.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ikiwiki ikiwiki 2.31
ikiwiki ikiwiki
ikiwiki ikiwiki 1.33.3

Debian Bug report logs - #465110 ikiwiki: CVE-2008-080{8,9} two cross-site scripting issues Package: ikiwiki; Maintainer for ikiwiki is Simon McVittie <smcv@debianorg>; Source for ikiwiki is src:ikiwiki (PTS, buildd, popcon) Reported by: Joey Hess <joeyh@debianorg> Date: Sun, 10 Feb 2008 18:48:02 UTC Severity: imp ...

Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities (CVE-2008-0808, CVE-2008-0809) The old stable distribution (sarge) did not contain an ikiwiki package For the stable distribution (etch), this problem has been fixed in version 1334 For the unstable distribution (sid), this p ...

CWE-79 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110 http://ikiwiki.info/security/#index30h2 http://secunia.com/advisories/28911 http://www.securityfocus.com/bid/27760 http://www.debian.org/security/2008/dsa-1523 http://secunia.com/advisories/29369 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110 https://nvd.nist.gov https://www.debian.org/security/./dsa-1523

CVE-2008-0808

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect