CVE-2015-2793

Published: 21 November 2019

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
ikiwiki
Launchpad, Ubuntu, Debian
Upstream
Released (3.20141016.2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.20141016.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.20141016.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)