CVE-2010-4183
EPSS 0.26%
HTML Purifier cross-site scripting (XSS) vulnerability
Published: 5/13/2022
Modified: 4/28/2026
Description
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
Affected packages (2)
- Debian/php-htmlpurifier: from 0, < 4.1.1+dfsg1-1
- Packagist/ezyang/htmlpurifier: from 0, < 4.1.0
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2010-4183
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2010-4183
- PATCH: https://github.com/ezyang/htmlpurifier
- WEB: http://htmlpurifier.org/news/2010/0915-4.2.0-released
- WEB: http://htmlpurifier.org/security/2010/css-quoting
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/ezyang/htmlpurifier/CVE-2010-4183.yaml