Vulnerability Description
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ikiwiki | Ikiwiki | <= 3.20110321 |
Related Weaknesses (CWE)
References
- http://ikiwiki.info/security/#index39h2
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html
- http://secunia.com/advisories/44079
- http://secunia.com/advisories/44137
- http://www.debian.org/security/2011/dsa-2214
- http://www.securityfocus.com/bid/47285
- http://www.vupen.com/english/advisories/2011/0907
- http://www.vupen.com/english/advisories/2011/1005
- http://ikiwiki.info/security/#index39h2
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058403.html
- http://secunia.com/advisories/44079
- http://secunia.com/advisories/44137
- http://www.debian.org/security/2011/dsa-2214
- http://www.securityfocus.com/bid/47285
- http://www.vupen.com/english/advisories/2011/0907
FAQ
What is CVE-2011-1401?
CVE-2011-1401 is a vulnerability with a CVSS score of 3.5 (LOW). ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-s...
How severe is CVE-2011-1401?
CVE-2011-1401 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1401?
Check the references section above for vendor advisories and patch information. Affected products include: Ikiwiki Ikiwiki.