Vulnerabilities

CVE-2011-1401

by Fred · 11/04/2011

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

Date published : 2011-04-11

http://www.securityfocus.com/bid/47285

http://ikiwiki.info/security/#index39h2

Similar

Tags: Cybersecurity Alert