Debian DSA-1523-1 : ikiwiki - XSS

Josh Triplett discovered that ikiwiki did not block JavaScript in URLs, leading to cross-site scripting vulnerabilities CVE-2008-0808, CVE-2008-0809 . The old stable distribution sarge did not contain an ikiwiki package. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

[SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1523-1 [email protected] http://www.debian.org/security/ Florian Weimer March 17, 2008 http://www.debian.org/security/faq -...

DSA-1523-1 ikiwiki - cross-site scripting

Bulletin has no description...

CVE-2008-0809

Cross-site scripting XSS vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents...

CVE-2008-0809

The CVE-2008-0809 entry describes a Cross-Site Scripting (XSS) vulnerability in ikiwiki’s htmlscrubber prior to version 1.1.46. The flaw allows remote attackers to inject arbitrary script or HTML via the title contents, enabling script execution in a victim’s browser when viewing affected pages. ...

CVE-2008-0809

Cross-site scripting XSS vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents...