FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- javascript insertion via uris

Affected packages
ikiwiki < 2.32.3


VuXML ID 739329c8-d8f0-11dc-ac2f-0016d325a0ed
Discovery 2008-02-10
Entry 2008-02-11
Modified 2010-05-12

The ikiwiki development team reports:

The htmlscrubber did not block javascript in uris. This was fixed by adding a whitelist of valid uri types, which does not include javascript. Some urls specifyable by the meta plugin could also theoretically have been used to inject javascript; this was also blocked.


CVE Name CVE-2008-0808