Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zcDY4LW01cXctOWc5d83uoQ
HTML Purifier cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
Permalink: https://github.com/advisories/GHSA-3p68-m5qw-9g9w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcDY4LW01cXctOWc5d83uoQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 25 days ago
Identifiers: GHSA-3p68-m5qw-9g9w, CVE-2010-4183
References:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4183
- http://htmlpurifier.org/news/2010/0915-4.2.0-released
- http://htmlpurifier.org/security/2010/css-quoting
- https://github.com/FriendsOfPHP/security-advisories/blob/master/ezyang/htmlpurifier/CVE-2010-4183.yaml
- https://github.com/advisories/GHSA-3p68-m5qw-9g9w
Affected Packages
packagist:ezyang/htmlpurifier
Dependent packages: 417
Dependent repositories: 36,567
Downloads: 190,680,073 total
Affected Version Ranges: < 4.1.0
Fixed in: 4.1.0
All affected versions:
All unaffected versions: 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0, 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0