CVE-2011-1579

2011-04-2700:55:04

Debian Security Bug Tracker

security-tracker.debian.org

0.004 Low

EPSS

Percentile

73.9%

JSON

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

OSVersionArchitecturePackageVersionFilename
Debian12allmediawiki< 1:1.15.5-5mediawiki_1:1.15.5-5_all.deb
Debian11allmediawiki< 1:1.15.5-5mediawiki_1:1.15.5-5_all.deb
Debian10allmediawiki< 1:1.15.5-5mediawiki_1:1.15.5-5_all.deb
Debian999allmediawiki< 1:1.15.5-5mediawiki_1:1.15.5-5_all.deb
Debian13allmediawiki< 1:1.15.5-5mediawiki_1:1.15.5-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mediawiki	< 1:1.15.5-5	mediawiki_1:1.15.5-5_all.deb
Debian	11	all	mediawiki	< 1:1.15.5-5	mediawiki_1:1.15.5-5_all.deb
Debian	10	all	mediawiki	< 1:1.15.5-5	mediawiki_1:1.15.5-5_all.deb
Debian	999	all	mediawiki	< 1:1.15.5-5	mediawiki_1:1.15.5-5_all.deb
Debian	13	all	mediawiki	< 1:1.15.5-5	mediawiki_1:1.15.5-5_all.deb

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for DEBIANCVE:CVE-2011-1579