Description
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
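The mismatch described above can be shown with a small normalizer, given here as an added example that is not MediaWiki's code or its patch. It decodes CSS hex escapes before looking for comments and reports any comment delimiter that existed only in escaped form. The function names and the reject-on-finding policy are assumptions made for illustration.

```python
import re

# CSS hex escape: backslash, 1-6 hex digits, then one optional whitespace char.
_HEX_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{1,6})[ \t\r\n\f]?")
_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def decode_css_escapes(value):
    """Replace hex escapes such as \\2f with the character they encode."""
    def repl(match):
        cp = int(match.group(1), 16)
        # NUL, surrogate and out-of-range code points become U+FFFD.
        if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            return "\ufffd"
        return chr(cp)
    return _HEX_ESCAPE.sub(repl, value)


def normalize_css(value):
    """Return (clean_value, findings); clean_value is None when rejected."""
    findings = []
    decoded = decode_css_escapes(value)
    # Delimiters that appear only after decoding were invisible to any
    # check that ran on the raw text.
    for delim in ("/*", "*/"):
        if decoded.count(delim) > value.count(delim):
            findings.append(f"escape-encoded {delim}")
    stripped = _COMMENT.sub(" ", decoded)
    # Leftovers mean an unbalanced delimiter or an escape this decoder
    # does not resolve; refuse instead of guessing (assumed policy).
    if "/*" in stripped or "*/" in stripped:
        findings.append("unbalanced comment delimiter")
    if "\\" in stripped:
        findings.append("unresolved backslash")
    if findings:
        return None, findings
    return " ".join(stripped.split()), findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real wiki page.
    for sample in ("color: red /* note */", r"color: red \2f\2a note \2a\2f"):
        print(repr(sample), "->", normalize_css(sample))
```

The second sample contains no literal comment, yet decoding yields one, which is the disagreement between the raw and decoded views of the value that a validator has to close.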
Remediation
References
Related Vulnerabilities
DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)
MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)
WordPress 4.8.x Directory Traversal (4.8 - 4.8.24)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)