{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","type":"deb","namespace":"debian","name":"ikiwiki","version":"3.20260201-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72751?format=json","vulnerability_id":"VCID-3cna-1rfb-kfcv","summary":"A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0356","reference_id":"","reference_type":"","scores":[{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87397","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87417","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87415","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87414","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03271","scoring_system":"epss","scoring_elements":"0.87427","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98994?format=json","purl":"pkg:deb/debian/ikiwiki@3.20170111?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20170111%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2017-0356"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cna-1rfb-kfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72746?format=json","vulnerability_id":"VCID-3rh7-uyhz-cyfv","summary":"Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2793","reference_id":"","reference_type":"","scores":[{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.79995","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.80021","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.80025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.80019","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.80009","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01289","scoring_system":"epss","scoring_elements":"0.80029","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2793"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483","reference_id":"781483","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98987?format=json","purl":"pkg:deb/debian/ikiwiki@3.20141016.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20141016.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2015-2793"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rh7-uyhz-cyfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72744?format=json","vulnerability_id":"VCID-5qkj-wznq-bybf","summary":"ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1408","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70091","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.701","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70083","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.7007","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.70094","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98984?format=json","purl":"pkg:deb/debian/ikiwiki@3.20110608?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20110608%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2011-1408"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qkj-wznq-bybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72735?format=json","vulnerability_id":"VCID-6fz1-wnf1-k3cr","summary":"Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0165","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47718","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47719","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47701","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47671","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47684","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98971?format=json","purl":"pkg:deb/debian/ikiwiki@2.42?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@2.42%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2008-0165"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fz1-wnf1-k3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72749?format=json","vulnerability_id":"VCID-6rb8-k2nn-akbn","summary":"The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9645","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37017","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36991","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36952","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36965","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9645"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98991?format=json","purl":"pkg:deb/debian/ikiwiki@3.20161229?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20161229%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2016-9645"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rb8-k2nn-akbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72739?format=json","vulnerability_id":"VCID-7hfx-889z-fubk","summary":"Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2944.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2944.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2944","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67592","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67633","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6763","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67614","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67628","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=520543","reference_id":"520543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=520543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98979?format=json","purl":"pkg:deb/debian/ikiwiki@3.1415926?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.1415926%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2009-2944"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hfx-889z-fubk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72740?format=json","vulnerability_id":"VCID-9zze-u356-pfe9","summary":"Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1195.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1195","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55332","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55388","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55393","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55382","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55362","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55381","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=574548","reference_id":"574548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=574548"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98980?format=json","purl":"pkg:deb/debian/ikiwiki@3.20100312?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20100312%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2010-1195"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zze-u356-pfe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72750?format=json","vulnerability_id":"VCID-cpa7-k6pu-6bh2","summary":"ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9646","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33731","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33744","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3371","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33675","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.337","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98991?format=json","purl":"pkg:deb/debian/ikiwiki@3.20161229?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20161229%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2016-9646"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpa7-k6pu-6bh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72743?format=json","vulnerability_id":"VCID-dqdc-nr6n-5kdw","summary":"ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1401","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60021","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60068","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60071","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60059","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60042","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.6006","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98983?format=json","purl":"pkg:deb/debian/ikiwiki@3.20110328?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20110328%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2011-1401"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqdc-nr6n-5kdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72742?format=json","vulnerability_id":"VCID-gmfa-eag6-duam","summary":"Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0428","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55099","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55158","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55156","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55157","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0428"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98982?format=json","purl":"pkg:deb/debian/ikiwiki@3.20110122?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20110122%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2011-0428"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmfa-eag6-duam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72738?format=json","vulnerability_id":"VCID-jpf4-6p2d-mkhu","summary":"Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0809","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57837","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57889","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57897","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57873","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110","reference_id":"465110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98977?format=json","purl":"pkg:deb/debian/ikiwiki@2.31.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@2.31.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2008-0809"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpf4-6p2d-mkhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72741?format=json","vulnerability_id":"VCID-n458-9y6h-gbh3","summary":"A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1673","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56336","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56399","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56386","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56369","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98981?format=json","purl":"pkg:deb/debian/ikiwiki@3.20101112?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20101112%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2010-1673"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n458-9y6h-gbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72745?format=json","vulnerability_id":"VCID-s6rk-u2z8-gqaj","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0220","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64811","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64853","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64863","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64852","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64841","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64859","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0220"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98985?format=json","purl":"pkg:deb/debian/ikiwiki@3.20120516?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20120516%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2012-0220"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6rk-u2z8-gqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72752?format=json","vulnerability_id":"VCID-svg2-r8zh-sya9","summary":"ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9187","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.5463","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54699","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54692","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.5467","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54691","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9187"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98995?format=json","purl":"pkg:deb/debian/ikiwiki@3.20190228-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20190228-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2019-9187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svg2-r8zh-sya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72737?format=json","vulnerability_id":"VCID-ty1p-6b5u-87cj","summary":"Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0808","reference_id":"","reference_type":"","scores":[{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66662","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66701","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66709","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66694","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66679","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66696","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0808"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110","reference_id":"465110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98977?format=json","purl":"pkg:deb/debian/ikiwiki@2.31.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@2.31.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2008-0808"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty1p-6b5u-87cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72747?format=json","vulnerability_id":"VCID-vc6t-y368-bkhk","summary":"ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10026","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44126","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44195","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44202","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44141","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44152","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0356"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98989?format=json","purl":"pkg:deb/debian/ikiwiki@3.20161219?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20161219%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2016-10026"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc6t-y368-bkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72736?format=json","vulnerability_id":"VCID-vq26-h1hj-sfhv","summary":"Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0169","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64831","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64873","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64883","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64872","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64861","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64879","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0169"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770","reference_id":"483770","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98975?format=json","purl":"pkg:deb/debian/ikiwiki@2.48?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@2.48%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2008-0169"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq26-h1hj-sfhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72748?format=json","vulnerability_id":"VCID-zq24-3hza-fkhh","summary":"Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4561","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53241","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53301","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53292","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4561"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/98990?format=json","purl":"pkg:deb/debian/ikiwiki@3.20160506?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20160506%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98970?format=json","purl":"pkg:deb/debian/ikiwiki@3.20200202.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20200202.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98974?format=json","purl":"pkg:deb/debian/ikiwiki@3.20250501-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20250501-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98972?format=json","purl":"pkg:deb/debian/ikiwiki@3.20260201-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}],"aliases":["CVE-2016-4561"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zq24-3hza-fkhh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ikiwiki@3.20260201-3%3Fdistro=trixie"}