CVE-2011-1579

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.16.3

Description The issue concerns the checkCss function in the wikitext parser, which fails to properly validate Cascading Style Sheets (CSS) token sequences. This allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using specific hex strings, such as 2f2a and 2a2f, to surround CSS comments.

Recommendations For versions prior to 1.16.3, update to version 1.16.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of CSS comments in the wikitext parser until a patch is applied.