CVE-2010-1195

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.

Published: 2010-03-31 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2010-1195 is rated Moderate Risk (44.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.70%). Core evidence: EPSS rose +1.38% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-1195

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.32% 1.70% +1.38%
2 2025-03-30 0.49% 0.32% -0.17%
3 2025-03-29 0.49%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-1195

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2010-1195

OS Trackers for CVE-2010-1195

vendor priority summary link
debian low CVE-2010-1195 low priority: Debian including 1 source packages (ikiwiki), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-1195
redhat medium https://access.redhat.com/security/cve/CVE-2010-1195
ubuntu medium CVE-2010-1195 medium priority: Ubuntu including 1 source packages (ikiwiki), 24 status rows across 24 suites (artful, bionic, cosmic, dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 18, not-affected 3, DNE 2, released 1. https://ubuntu.com/security/CVE-2010-1195

Affected software / configurations for CVE-2010-1195

Vendor Product Version Raw CPE
ikiwiki ikiwiki 2.0 cpe:2.3:a:ikiwiki:ikiwiki:2.0:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.1 cpe:2.3:a:ikiwiki:ikiwiki:2.1:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.2 cpe:2.3:a:ikiwiki:ikiwiki:2.2:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.3 cpe:2.3:a:ikiwiki:ikiwiki:2.3:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.4 cpe:2.3:a:ikiwiki:ikiwiki:2.4:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.5 cpe:2.3:a:ikiwiki:ikiwiki:2.5:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.10 cpe:2.3:a:ikiwiki:ikiwiki:2.10:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.11 cpe:2.3:a:ikiwiki:ikiwiki:2.11:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.12 cpe:2.3:a:ikiwiki:ikiwiki:2.12:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.13 cpe:2.3:a:ikiwiki:ikiwiki:2.13:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.14 cpe:2.3:a:ikiwiki:ikiwiki:2.14:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.15 cpe:2.3:a:ikiwiki:ikiwiki:2.15:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.16 cpe:2.3:a:ikiwiki:ikiwiki:2.16:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.17 cpe:2.3:a:ikiwiki:ikiwiki:2.17:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.18 cpe:2.3:a:ikiwiki:ikiwiki:2.18:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.19 cpe:2.3:a:ikiwiki:ikiwiki:2.19:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.20 cpe:2.3:a:ikiwiki:ikiwiki:2.20:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.30 cpe:2.3:a:ikiwiki:ikiwiki:2.30:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.31 cpe:2.3:a:ikiwiki:ikiwiki:2.31:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.31.1 cpe:2.3:a:ikiwiki:ikiwiki:2.31.1:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.31.2 cpe:2.3:a:ikiwiki:ikiwiki:2.31.2:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.31.3 cpe:2.3:a:ikiwiki:ikiwiki:2.31.3:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.40 cpe:2.3:a:ikiwiki:ikiwiki:2.40:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.41 cpe:2.3:a:ikiwiki:ikiwiki:2.41:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.42 cpe:2.3:a:ikiwiki:ikiwiki:2.42:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.43 cpe:2.3:a:ikiwiki:ikiwiki:2.43:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.44 cpe:2.3:a:ikiwiki:ikiwiki:2.44:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.45 cpe:2.3:a:ikiwiki:ikiwiki:2.45:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.46 cpe:2.3:a:ikiwiki:ikiwiki:2.46:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.47 cpe:2.3:a:ikiwiki:ikiwiki:2.47:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.48 cpe:2.3:a:ikiwiki:ikiwiki:2.48:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.49 cpe:2.3:a:ikiwiki:ikiwiki:2.49:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.50 cpe:2.3:a:ikiwiki:ikiwiki:2.50:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.51 cpe:2.3:a:ikiwiki:ikiwiki:2.51:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.52 cpe:2.3:a:ikiwiki:ikiwiki:2.52:*:*:*:*:*:*:*
ikiwiki ikiwiki 2.53 cpe:2.3:a:ikiwiki:ikiwiki:2.53:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.00 cpe:2.3:a:ikiwiki:ikiwiki:3.00:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.01 cpe:2.3:a:ikiwiki:ikiwiki:3.01:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.02 cpe:2.3:a:ikiwiki:ikiwiki:3.02:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.03 cpe:2.3:a:ikiwiki:ikiwiki:3.03:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.04 cpe:2.3:a:ikiwiki:ikiwiki:3.04:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.05 cpe:2.3:a:ikiwiki:ikiwiki:3.05:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.06 cpe:2.3:a:ikiwiki:ikiwiki:3.06:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.07 cpe:2.3:a:ikiwiki:ikiwiki:3.07:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.08 cpe:2.3:a:ikiwiki:ikiwiki:3.08:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.09 cpe:2.3:a:ikiwiki:ikiwiki:3.09:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.10 cpe:2.3:a:ikiwiki:ikiwiki:3.10:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.11 cpe:2.3:a:ikiwiki:ikiwiki:3.11:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.12 cpe:2.3:a:ikiwiki:ikiwiki:3.12:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.13 cpe:2.3:a:ikiwiki:ikiwiki:3.13:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.14 cpe:2.3:a:ikiwiki:ikiwiki:3.14:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.141 cpe:2.3:a:ikiwiki:ikiwiki:3.141:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.1415 cpe:2.3:a:ikiwiki:ikiwiki:3.1415:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.14159 cpe:2.3:a:ikiwiki:ikiwiki:3.14159:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.141592 cpe:2.3:a:ikiwiki:ikiwiki:3.141592:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.1415926 cpe:2.3:a:ikiwiki:ikiwiki:3.1415926:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.14159265 cpe:2.3:a:ikiwiki:ikiwiki:3.14159265:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091009 cpe:2.3:a:ikiwiki:ikiwiki:3.20091009:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091017 cpe:2.3:a:ikiwiki:ikiwiki:3.20091017:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091022 cpe:2.3:a:ikiwiki:ikiwiki:3.20091022:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091023 cpe:2.3:a:ikiwiki:ikiwiki:3.20091023:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091031 cpe:2.3:a:ikiwiki:ikiwiki:3.20091031:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091113 cpe:2.3:a:ikiwiki:ikiwiki:3.20091113:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091202 cpe:2.3:a:ikiwiki:ikiwiki:3.20091202:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20091218 cpe:2.3:a:ikiwiki:ikiwiki:3.20091218:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20100102.3 cpe:2.3:a:ikiwiki:ikiwiki:3.20100102.3:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20100122 cpe:2.3:a:ikiwiki:ikiwiki:3.20100122:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20100212 cpe:2.3:a:ikiwiki:ikiwiki:3.20100212:*:*:*:*:*:*:*
ikiwiki ikiwiki 3.20100302 cpe:2.3:a:ikiwiki:ikiwiki:3.20100302:*:*:*:*:*:*:*

References for CVE-2010-1195

cvelogic Threat Intelligence