Back to search
CVE-2011-1579
Published: Apr 27, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2011-5495
vendor-advisory
x_refsource_FEDORA
https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
x_refsource_CONFIRM
ADV-2011-0978
vdb-entry
x_refsource_VUPEN
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856
x_refsource_CONFIRM
FEDORA-2011-5807
vendor-advisory
x_refsource_FEDORA
47354
vdb-entry
x_refsource_BID
44142
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-5848
vendor-advisory
x_refsource_FEDORA
ADV-2011-1151
vdb-entry
x_refsource_VUPEN
mediawiki-css-data-xss(66738)
vdb-entry
x_refsource_XF
DSA-2366
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=696360
x_refsource_CONFIRM
[mediawiki-announce] 20110412 MediaWiki security release 1.16.3
mailing-list
x_refsource_MLIST
ADV-2011-1100
vdb-entry
x_refsource_VUPEN
FEDORA-2011-5812
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=695577
x_refsource_CONFIRM
[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now