ikiwiki CVE-2012-0220 Multiple Cross Site Scripting Vulnerabilities
BID:53599
Info
ikiwiki CVE-2012-0220 Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 53599 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0220 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2012 12:00AM |
| Updated: | Apr 13 2015 09:42PM |
| Credit: | Raúl Benencia |
| Vulnerable: |
ikiwiki ikiwiki 3.20110328 ikiwiki ikiwiki 3.20100815.7 ikiwiki ikiwiki 3.20100312 ikiwiki ikiwiki 3.1415926 ikiwiki ikiwiki 3.141592 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
| Not Vulnerable: |
ikiwiki ikiwiki 3.20120516 |
Discussion
ikiwiki CVE-2012-0220 Multiple Cross Site Scripting Vulnerabilities
ikiwiki is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
ikiwiki is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.