DEBIAN-CVE-2011-1401

DEBIAN-CVE-2011-1401 PUBLISHED CVSS 8.5 HIGH

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	ikiwiki	0, 0, 0
Debian:11	ikiwiki	0, 0, 0
Debian:12	ikiwiki	0, 0, 0
Debian:13	ikiwiki	0, 0, 0

Timeline

Apr 11, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-1401 advisory

Open in Interactive Console →