CVE-2011-1579
EPSS 0.93%發布日:2011/4/27修改日:2026/4/28
描述
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
受影響套件(1)
- Debian/mediawikifrom 0, < 1:1.15.5-5