Wikimedia · Mediawiki · CVE-2011-1579
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions prior to 1.16.3
**Description**
The issue concerns the `checkCss` function in the wikitext parser, which fails to properly validate Cascading Style Sheets (CSS) token sequences. This allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using specific hex strings, such as `2f2a` and `2a2f`, to surround CSS comments.
**Recommendations**
For versions prior to 1.16.3, update to version 1.16.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of CSS comments in the wikitext parser until a patch is applied.