FreeBSD : ikiwiki -- XSS vulnerability (0297b260-2b3b-11e6-ae88-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Mitre reports :

Cross-site scripting (XSS) vulnerability in the cgierror function in
CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to
inject arbitrary web script or HTML via unspecified vectors involving
an error message.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209593
http://www.nessus.org/u?fec4f003

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91475 ()

Bugtraq ID:

CVE ID: CVE-2016-4561

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now