CVE-2011-1579: Improper Input Validation in Mediawiki

Severity: 5.8 MEDIUM (NVD)
EPSS: 0.9% (top 23.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 27
Latest update: May 17

Description

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1:1.15.5-5 (bookworm)
Debian | mediawiki/mediawiki | < 1:1.15.5-5 | +3
NVD | mediawiki/mediawiki | 1.16.2 | +110

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-rwjq-pqc6-6rcp: The checkCss function in includes/Sanitizer | 2022-05-17
OSV | CVE-2011-1579: The checkCss function in includes/Sanitizer | 2011-04-27

📋 Vendor Advisories (1)

Debian | CVE-2011-1579: mediawiki - The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaW... | 2011

💬 Community (3)

Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587 mediawiki: multiple vulnerabilities fixed in 1.16.3, 1.16.4 | 2011-04-13
Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1765 mediawiki116 various flaws [epel-all] | 2011-04-13
Bugzilla | CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all] | 2011-04-13