Input passed via the "author" and "authorurl" parameters to meta directives when creating or editing a page is not properly sanitised before being used.
This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
The vulnerabilities are reported in versions prior to 3.20120516.
Update to version 3.20120516.
www-apps/ikiwiki-3.20120516 is in the tree.
Thanks, folks. Closing noglsa for ~arch only package.