Hide Forgot
An XSS vulnerability was found in ikiwiki. The instance in cgierror() is a potential cross-site scripting attack, because an attacker could conceivably cause some module to raise an exception that includes attacker-supplied HTML in its message, for example via a crafted filename. Upstream fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7 References: http://seclists.org/oss-sec/2016/q2/267
Created ikiwiki tracking bugs for this issue: Affects: fedora-all [bug 1334192] Affects: epel-6 [bug 1334193]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.