CVE-2011-1579
MediaWiki < 1.16.3 - Cross-Site Scripting via CSS Comment Hex Encoding
Title source: llmDescription
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
References (17)
Core 17
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
Issue Tracking x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0978
Exploit, Patch x_refsource_confirm
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47354
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44142
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1151
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66738
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2366
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=696360
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1100
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=695577
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/13/15
Scores
EPSS
0.0093
EPSS Percentile
76.4%
Details
CWE
CWE-20
Status
published
Products (42)
mediawiki/mediawiki
1.1.0
mediawiki/mediawiki
1.2.0
mediawiki/mediawiki
1.2.1
mediawiki/mediawiki
1.2.2
mediawiki/mediawiki
1.2.3
mediawiki/mediawiki
1.2.4
mediawiki/mediawiki
1.2.5
mediawiki/mediawiki
1.2.6
mediawiki/mediawiki
1.3
mediawiki/mediawiki
1.3.0
... and 32 more
Published
Apr 27, 2011
Tracked Since
Feb 18, 2026