CVE-2008-0809

NameCVE-2008-0809
DescriptionCross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1523-1
NVD severitymedium (attack range: remote, user-initiated)
Debian Bugs465110
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ikiwiki (PTS)squeeze (security), squeeze3.20100815.9fixed
wheezy3.20120629fixed
jessie, sid3.20141016.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ikiwikisource(unstable)2.31.1low465110
ikiwikisourceetch1.33.4mediumDSA-1523-1

Search for package or bug name: Reporting problems