CVE-2011-1579
EPSS 0.93%
Description
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
How to fix CVE-2011-1579
To remediate CVE-2011-1579, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1:1.15.5-5 or later
Is CVE-2011-1579 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.15.5-5