CVE-2016-4561

MEDIUM

Ikiwiki < 3.20160121 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

References (3)

[Vendor Advisory] http://ikiwiki.info/security/#index43h2

[Various Sources] http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3571

Scores

CVSS v3 6.1

EPSS 0.0030

EPSS Percentile 52.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (2)

ikiwiki/ikiwiki < 3.20160121

debian/debian_linux

Timeline

Published May 10, 2016

Tracked Since Feb 18, 2026