CVE-2016-4561

Name	CVE-2016-4561
Description	Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DLA-463-1, DSA-3571-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ikiwiki (PTS)	buster	3.20190228-1	fixed
	bookworm, sid, bullseye	3.20200202.3-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
ikiwiki	source	wheezy	3.20120629.2+deb7u1	DLA-463-1
ikiwiki	source	jessie	3.20141016.3	DSA-3571-1
ikiwiki	source	(unstable)	3.20160506

Notes

http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
https://www.openwall.com/lists/oss-security/2016/05/06/8