oss-sec mailing list archives
Re: CVE id request: ikiwiki
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 16:41:06 -0400 (EDT)
On Wed, 17 Mar 2010, Nico Golde wrote:
"javascript insertion via svg uris

Ivan Shmakov pointed out that the htmlscrubber allowed data:image/* urls, including data:image/svg+xml. But svg can contain javascript, so that is unsafe."

http://ikiwiki.info/security/#index30h2

Note that this URL is erroneous (it's for an older, similar issue); you want this one:
http://ikiwiki.info/security/#index36h2

Use CVE-2010-1195

- Steve
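
The scrubber rule quoted in this thread, as an added example that is not part of the original message and is not ikiwiki's code: a prefix match on `data:image/` accepts `data:image/svg+xml`, while a check on the parsed media type against an explicit allowlist does not. The function names and the PNG/JPEG/GIF allowlist are assumptions made for illustration.

```python
import re

# Assumption for illustration: the over-broad rule described in the advisory,
# modelled as "anything starting with data:image/ is an acceptable URL".
BROAD_RULE = re.compile(r"^data:image/", re.IGNORECASE)

# Assumption for illustration: raster formats that cannot carry script.
SAFE_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif"}

# Characters browsers trim from the ends of a URL (C0 controls and space).
_EDGE_CHARS = "".join(chr(c) for c in range(0x21))


def data_uri_media_type(uri):
    """Return the lowercased media type of a data: URI, or None if it is not one."""
    # Browsers drop tab, CR and LF anywhere in a URL before parsing it,
    # so the scrubber has to normalise the same way before deciding.
    cleaned = re.sub(r"[\t\r\n]", "", uri).strip(_EDGE_CHARS)
    if not cleaned.lower().startswith("data:"):
        return None
    header, comma, _payload = cleaned[5:].partition(",")
    if not comma:
        return None  # malformed: no comma separating header from data
    # Header is "<mediatype>[;param=value]*[;base64]"; keep only the type.
    return header.split(";", 1)[0].strip().lower()


def broad_rule_allows(uri):
    """The unsafe behaviour: accept every data:image/* URL."""
    return bool(BROAD_RULE.match(uri))


def data_uri_allowed(uri):
    """Fail closed: accept a data: URI only if its exact type is allowlisted."""
    return data_uri_media_type(uri) in SAFE_IMAGE_TYPES


if __name__ == "__main__":
    # Constructed sample inputs; the payloads are placeholders.
    samples = [
        "data:image/png;base64,iVBORw0KGgo=",
        "data:image/svg+xml;base64,PHN2Zy8+",
        "DATA:Image/SVG+XML,<svg/>",
    ]
    for s in samples:
        print(f"{s[:34]:36} broad={broad_rule_allows(s)} strict={data_uri_allowed(s)}")
```
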