CVE-2011-1401 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-1401 PUBLISHED

Reported by mitre · Published April 11, 2011

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Apr 11, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

DSA-2214 vendor-advisoryx_refsource_DEBIAN
ADV-2011-1005 vdb-entryx_refsource_VUPEN
ADV-2011-0907 vdb-entryx_refsource_VUPEN
44137 third-party-advisoryx_refsource_SECUNIA
x_refsource_CONFIRM
44079 third-party-advisoryx_refsource_SECUNIA
47285 vdb-entryx_refsource_BID
FEDORA-2011-5249 vendor-advisoryx_refsource_FEDORA

Open in Interactive Console →