Back to search
CVE-2011-1401
Published: Apr 11, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-2214
vendor-advisory
x_refsource_DEBIAN
ADV-2011-1005
vdb-entry
x_refsource_VUPEN
ADV-2011-0907
vdb-entry
x_refsource_VUPEN
44137
third-party-advisory
x_refsource_SECUNIA
http://ikiwiki.info/security/#index39h2
x_refsource_CONFIRM
44079
third-party-advisory
x_refsource_SECUNIA
47285
vdb-entry
x_refsource_BID
FEDORA-2011-5249
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now