CVE-2012-0220

Ikiwiki < 3.20120419 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.

References (8)

[Various Sources] http://ikiwiki.info/news/version_3.20120516/

[Various Sources] http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f

[Third Party Advisory, VDB Entry] http://osvdb.org/81995

[Vendor Advisory] http://secunia.com/advisories/49199

[Vendor Advisory] http://secunia.com/advisories/49232

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53599

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75702

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2474

Scores

EPSS 0.0047

EPSS Percentile 64.2%

Classification

CWE

CWE-79

Status published

Affected Products (50)

ikiwiki/ikiwiki < 3.20120419

ikiwiki/ikiwiki

... and 35 more

Timeline

Published May 29, 2012

Tracked Since Feb 18, 2026