Ivan Shmakov discovered that the htmlscrubber component of ikwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code this can be used by an attacker to conduct cross-site scripting attacks. For the stable distribution , this problem has been fixed in version 2.53.5. For the testing distribution , this problem has been fixed in version 3.20100312. For the unstable distribution , this problem has been fixed in version 3.20100312.