VDB
CVE-2011-1401
CVE-2011-1401
PUBLISHED
Reported by mitre · Published April 11, 2011
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Apr 11, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- DSA-2214 vendor-advisoryx_refsource_DEBIAN
- ADV-2011-1005 vdb-entryx_refsource_VUPEN
- ADV-2011-0907 vdb-entryx_refsource_VUPEN
- 44137 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- 44079 third-party-advisoryx_refsource_SECUNIA
- 47285 vdb-entryx_refsource_BID
- FEDORA-2011-5249 vendor-advisoryx_refsource_FEDORA