CVE-2011-1401
EPSS 0.39%ikiwiki - missing input validation
發布日:2011/4/11修改日:2026/4/28
描述
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
受影響套件(2)
- Debian/ikiwikifrom 0, < 3.20110328
- Debian/ikiwikifrom 0, < 2.53.6