CVE-2016-4561

MEDIUM6.1EPSS 0.30%

ikiwiki - security update

Published: 5/10/2016Modified: 3/9/2026

Also known as:DEBIAN-CVE-2016-4561DLA-463-1

Description

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

Affected packages (3)

Debian/ikiwikifrom 0, < 3.20160506
Debian/ikiwikifrom 0, < 3.20120629.2+deb7u1
Debian/ikiwikifrom 0, < 3.20141016.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-4561