CVE-2010-4183

EPSS 0.26%

HTML Purifier cross-site scripting (XSS) vulnerability

發布日:2022/5/13修改日:2026/4/28

也稱為:GHSA-3p68-m5qw-9g9wDEBIAN-CVE-2010-4183

描述

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

受影響套件(2)

Debian/php-htmlpurifierfrom 0, < 4.1.1+dfsg1-1
Packagist/ezyang/htmlpurifierfrom 0, < 4.1.0

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-4183
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4183
PATCHhttps://github.com/ezyang/htmlpurifier
WEBhttp://htmlpurifier.org/news/2010/0915-4.2.0-released
WEBhttp://htmlpurifier.org/security/2010/css-quoting
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/ezyang/htmlpurifier/CVE-2010-4183.yaml