
CVE-2011-1579

2011-04-27 00:00:00
ubuntu.com

CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.004 Low (Percentile: 74.1%)

The checkCss function in includes/Sanitizer.php in the wikitext parser in
MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets
(CSS) token sequences, which allows remote attackers to conduct cross-site
scripting (XSS) attacks or obtain sensitive information by using the \2f\2a
and \2a\2f hex strings to surround CSS comments.
