Tango

**Name of the Vulnerable Software and Affected Versions** ikiwiki versions prior to 3.20110328 **Description** The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in the default stylesheet or an alternate stylesheet. This occurs because ikiwiki does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive. **Recommendations** For versions prior to 3.20110328, update to version 3.20110328 or later to resolve the issue.