4

Debian: 2020-1: ikiwiki: insufficient input sanitiza

view full story
linux-howto

http://www.linuxsecurity.com – LinuxSecurity.com: Ivan Shmakov discovered that the htmlscrubber component of ikwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code this can be used by an attacker to conduct cross-site scripting attacks. [More...] (Security)