{"id":"DEBIAN-CVE-2011-1401","details":"ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.","modified":"2026-04-28T20:06:33.276346Z","published":"2011-04-11T18:55:03.710Z","upstream":["CVE-2011-1401"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-1401"}],"affected":[{"package":{"name":"ikiwiki","ecosystem":"Debian:11","purl":"pkg:deb/debian/ikiwiki?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20110328"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1401.json"}},{"package":{"name":"ikiwiki","ecosystem":"Debian:12","purl":"pkg:deb/debian/ikiwiki?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20110328"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1401.json"}},{"package":{"name":"ikiwiki","ecosystem":"Debian:13","purl":"pkg:deb/debian/ikiwiki?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20110328"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1401.json"}},{"package":{"name":"ikiwiki","ecosystem":"Debian:14","purl":"pkg:deb/debian/ikiwiki?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20110328"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1401.json"}}],"schema_version":"1.7.5"}