CVE-2011-1401

Name: CVE-2011-1401
Description: ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2214-1
NVD severity: low (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

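| Source Package | Release | Version | Status |
|---|---|---|---|
| ikiwiki (PTS) | wheezy | 3.20120629.2 | fixed |
| ikiwiki | wheezy (security) | 3.20120629.2+deb7u1 | fixed |
| ikiwiki | jessie (security), jessie | 3.20141016.3 | fixed |
| ikiwiki | stretch, sid | 3.20160509 | fixed |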

The information below is based on the following data on fixed versions.

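| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ikiwiki | source | (unstable) | 3.20110328 | low | | |
| ikiwiki | source | lenny | 2.53.6 | low | DSA-2214-1 | |
| ikiwiki | source | squeeze | 3.20100815.7 | low | DSA-2214-1 | |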