CVE-2010-1195
ikiwiki - cross-site scripting
EPSS 0.32%
Description
Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
How to fix CVE-2010-1195
To remediate CVE-2010-1195, upgrade the affected package to a fixed version below.
- Debian/ikiwiki—upgrade to 3.20100312 or later
- Debian/ikiwiki—upgrade to 2.53.5 or later
Is CVE-2010-1195 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.20100312
- from 0, < 2.53.5