Unrated severityNVD Advisory· Published Nov 21, 2019· Updated Aug 6, 2024

CVE-2015-2793

Description

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

Affected products

Ikiwiki/Ikiwikiv5
Range: before 3.20150329

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.htmlmitrex_refsource_MISC
lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.htmlmitrex_refsource_MISC
lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.htmlmitrex_refsource_MISC
openwall.com/lists/oss-security/2015/03/30/5mitrex_refsource_MISC
openwall.com/lists/oss-security/2015/03/31/1mitrex_refsource_MISC
source.ikiwiki.branchable.commitrex_refsource_MISC
bugs.debian.org/cgi-bin/bugreport.cgimitrex_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
ikiwiki.info/bugs/XSS_Alert...__33____33____33__/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000