The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-04-27T00:00:00
Updated: 2024-08-06T22:28:41.908Z
Reserved: 2011-04-05T00:00:00
Link: CVE-2011-1579
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-04-27T00:55:04.600
Modified: 2017-08-17T01:34:16.323
Link: CVE-2011-1579
Redhat
No data.