add CVE ids

master
Joey Hess 2008-02-20 16:48:38 -05:00
parent 5f1a97d954
commit 0737121a73
1 changed files with 4 additions and 3 deletions

@ -356,9 +356,10 @@ allow the security hole to be exploited.
## javascript insertion via uris
The htmlscrubber did not block javascript in uris. This was fixed by adding
a whitelist of valid uri types, which does not include javascript. Some
urls specifyable by the meta plugin could also theoretically have been used
to inject javascript; this was also blocked.
a whitelist of valid uri types, which does not include javascript.
([[cve CVE-2008-0809]]) Some urls specifyable by the meta plugin could also
theoretically have been used to inject javascript; this was also blocked
([[cve CVE-2008-0808]]).
This hole was discovered on 10 February 2008 and fixed the same day
with the release of ikiwiki 2.31.1. (And a few subsequent versions..)