Debian Security Advisory
DSA-2474-1 ikiwiki -- cross-site scripting
- Date Reported:
- 16 May 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0220.
- More information:
Raúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
For the stable distribution (squeeze), this problem has been fixed in version 3.20100815.9.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 3.20120516.
We recommend that you upgrade your ikiwiki packages.