CVE-2011-1579
Publication date 27 April 2011
Last updated 24 July 2024
Ubuntu priority
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
Status
Package | Ubuntu Release | Status |
---|---|---|
mediawiki | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |