View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2011-1401 medium priority: Ubuntu including 1 source packages (ikiwiki), 12 status rows across 12 suites (dapper, hardy, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): ignored 5, not-affected 5, DNE 1, released 1.
ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.