CVE-2016-4561: XSS
First published: Tue May 10 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ikiwiki Hosting Project | <=3.20160121 | |
| Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4561?
CVE-2016-4561 has a medium severity rating due to its XSS vulnerability allowing remote code execution through crafted error messages.
How do I fix CVE-2016-4561?
To fix CVE-2016-4561, update to ikiwiki version 3.20160506 or later where the vulnerability is addressed.
What types of software are affected by CVE-2016-4561?
CVE-2016-4561 affects versions of ikiwiki prior to 3.20160506 and Debian version 8.0.
What impact does CVE-2016-4561 have on users?
CVE-2016-4561 can allow attackers to inject arbitrary web scripts or HTML, potentially compromising user data and system integrity.
Can CVE-2016-4561 be exploited easily?
Yes, CVE-2016-4561 can be easily exploited through manipulated error messages displayed by the affected application.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ikiwiki
- canonical/ikiwiki hosting project
- version/ikiwiki hosting project/3.20160121
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0