CVE-2011-1579

EPSS 0.93%

Published: 4/27/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-1579

Description

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

Affected packages (1)

Debian/mediawikifrom 0, < 1:1.15.5-5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1579