FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- javascript insertion via uris

Affected packages
ikiwiki < 2.32.3

Details

VuXML ID 739329c8-d8f0-11dc-ac2f-0016d325a0ed
Discovery 2008-02-10
Entry 2008-02-11
Modified 2010-05-12

The ikiwiki development team reports:

The htmlscrubber did not block JavaScript in URIs. This was fixed by adding a whitelist of valid URI types, which does not include javascript. Some URLs specifiable by the meta plugin could also theoretically have been used to inject JavaScript; this was also blocked.
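
The fix described above, an allowlist of URI schemes applied to attributes that carry URIs, shown as an added Python example; it is not ikiwiki's own code (ikiwiki is written in Perl). The scheme list, the attribute set and the sample inputs are assumptions, since the advisory does not enumerate them.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example; the advisory does not list ikiwiki's schemes.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}
# Assumed set of attributes whose value is a URI.
URI_ATTRS = {"href", "src", "action", "cite"}

def is_safe_uri(value):
    """True for relative references and for URIs whose scheme is allowlisted."""
    # Browsers ignore ASCII whitespace and control characters when parsing
    # the scheme, so remove them before looking at it.
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme: relative path, query or fragment
    # Fail closed: anything before the first colon must be on the allowlist.
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES

class Scrubber(HTMLParser):
    """Re-emits markup, dropping URI attributes that fail the allowlist.
    Only the URI check is shown; comments and declarations are discarded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:  # values arrive with entities decoded
            if name in URI_ATTRS and value is not None and not is_safe_uri(value):
                continue  # drop the attribute, keep the element
            kept.append(name if value is None
                        else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def scrub(markup):
    parser = Scrubber()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Because the check runs on the attribute value after entity decoding and after whitespace removal, an entity-encoded or whitespace-split scheme is judged by the same allowlist as a plain one.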

References

CVE Name CVE-2008-0808
URL http://ikiwiki.info/security/#index30h2