Joey Hess · Ikiwiki · CVE-2010-1195
**Name of the Vulnerable Software and Affected Versions**
ikiwiki versions 2.x before 2.53.5
ikiwiki versions 3.x before 3.20100312
**Description**
A cross-site scripting (XSS) issue exists in the htmlscrubber component, allowing remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.
**Recommendations**
For ikiwiki versions 2.x before 2.53.5, update to version 2.53.5 or later.
For ikiwiki versions 3.x before 3.20100312, update to version 3.20100312 or later.