CVE-2011-1401
EPSS 0.39%ikiwiki - missing input validation
Published: 4/11/2011Modified: 4/28/2026
Description
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
Affected packages (2)
- Debian/ikiwikifrom 0, < 3.20110328
- Debian/ikiwikifrom 0, < 2.53.6