Home > Vulnerability Database > CVE-2016-4561

Mend.io Vulnerability Database

CVE-2016-4561

Good to know:

Date: May 10, 2016

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

Language: Perl

Severity Score

7.2

Related Resources (7)

Url: http://ikiwiki.info/security/#index43h2

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-4561

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4561

Url: http://www.debian.org/security/2016/dsa-3571

Url: https://security-tracker.debian.org/tracker/CVE-2016-4561

Url: http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7

Url: https://www.mend.io/vulnerability-database/CVE-2016-4561

Severity Score

7.2

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 3.20160506

Learn More

CVSS v3

Base Score:	7.2
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE

CVSS v2

Base Score:	5.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-4561

Good to know:

Date: May 10, 2016

Language: Perl

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?