Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1401 to the following vulnerability:

Name: CVE-2011-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1401
Assigned: 20110310
Reference: http://ikiwiki.info/security/#index39h2
Reference: http://www.debian.org/security/2011/dsa-2214
Reference: http://www.securityfocus.com/bid/47285

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.

Created ikiwiki tracking bugs for this issue
Affects: fedora-all [bug 695502]

Updates had already been submitted:
https://admin.fedoraproject.org/updates/ikiwiki-3.20110328-1.fc15
https://admin.fedoraproject.org/updates/ikiwiki-3.20110328-1.fc14
https://admin.fedoraproject.org/updates/ikiwiki-3.20100815.7-1.fc13

FEDORA-2011-5173 ikiwiki-3.20100815.7-1.fc13
FEDORA-2011-5180 ikiwiki-3.20110328-1.fc14
FEDORA-2011-5249 ikiwiki-3.20110328-1.fc15