27 matches found
SUSE CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
ikiwiki 'htmlscrubber'插件跨站脚本漏洞
Bugtraq ID: 47285 CVE ID:CVE-2011-1401 ikiwiki是一款维基百科程序。 当向页面增加可替换样式表时,ikiwiki没有验证htmlscrubber是否在页面上启用。这可导致能上传定制样式表的攻击者增加恶意样式表作为可替换样式表或替换默认的样式表,从而进行跨站脚本攻击。 ikiwiki ikiwiki 2.53.5 ikiwiki ikiwiki 2.53.4 ikiwiki ikiwiki 2.31.1 ikiwiki ikiwiki 2.31 ikiwiki ikiwiki 3.20100312 ikiwiki ikiwiki 3.141592...
CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
DEBIAN-CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
Cross site scripting
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
CVE-2011-1401
CVE-2011-1401 affects ikiwiki before 3.20110328, where processing of the “meta stylesheet” did not verify if the htmlscrubber plugin was enabled. This enables remote authenticated users to perform cross-site scripting (XSS) via crafted CSS token sequences in the default or an alternate stylesheet...
CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
CVE-2011-1401
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...
DSA-2214-1 ikiwiki - missing input validation
Bulletin has no description...
Ikiwiki 'htmlscrubber' Cross Site Scripting Vulnerability
This host is installed Ikiwiki and is prone to Cross Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbikiwikihtmlscrubberxssvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ Ikiwiki 'htmlscrubber' Cross Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 Greenbon...
Ikiwiki 'htmlscrubber' Cross Site Scripting Vulnerability
Ikiwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2010-1195
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
Cross site scripting
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
UBUNTU-CVE-2010-1195
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
CVE-2010-1195
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
CVE-2010-1195
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
CVE-2010-1195
Ikiwiki's htmlscrubber component is affected by an XSS vulnerability in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. The CVE entry and OpenVAS records describe the affected versi...
CVE-2010-1195
Cross-site scripting XSS vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI...
DSA-2020-1 ikiwiki - cross-site scripting
Bulletin has no description...