MediaWiki Improper Input Validation Vulnerability - CVE-2011-1579 - Vulnerability Database

MediaWiki Improper Input Validation Vulnerability - CVE-2011-1579

Medium

Reference: CVE-2011-1579

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-1579

Title: MediaWiki Improper Input Validation Vulnerability

Overview:

The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the 2f2a and 2a2f hex strings to surround CSS comments.