Cross site scripting

2011-04-1118:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the “meta stylesheet” directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

CPENameOperatorVersion
ikiwikieq1.20
ikiwikieq2.8
ikiwikieq1.5
ikiwikieq3.07
ikiwikieq1.47
ikiwikieq1.43
ikiwikieq2.55
ikiwikieq3.14
ikiwikieq2.53
ikiwikieq3.14159