Lucene search
HistoryJul 06, 2010 - 5:17 p.m.
CVE-2010-2479
cve
2010
2479
cross-site scripting
xss
html purifier
mahara
internet explorer
remote attackers
web script
html
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.7%
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
htmlpurifierhtmlpurifierRange≤4.1.0
ORhtmlpurifierhtmlpurifierRange≤4.1.0lite
ORhtmlpurifierhtmlpurifierRange≤4.1.0standalone
ORhtmlpurifierhtmlpurifierMatch1.0.0
ORhtmlpurifierhtmlpurifierMatch1.0.0beta
ORhtmlpurifierhtmlpurifierMatch1.0.1
ORhtmlpurifierhtmlpurifierMatch1.1.0
ORhtmlpurifierhtmlpurifierMatch1.1.1
ORhtmlpurifierhtmlpurifierMatch1.1.2
ORhtmlpurifierhtmlpurifierMatch1.2.0
ORhtmlpurifierhtmlpurifierMatch1.3.0
ORhtmlpurifierhtmlpurifierMatch1.3.1
ORhtmlpurifierhtmlpurifierMatch1.3.2
ORhtmlpurifierhtmlpurifierMatch1.4.0
ORhtmlpurifierhtmlpurifierMatch1.4.0strict
ORhtmlpurifierhtmlpurifierMatch1.4.1
ORhtmlpurifierhtmlpurifierMatch1.4.1strict
ORhtmlpurifierhtmlpurifierMatch1.5.0
ORhtmlpurifierhtmlpurifierMatch1.5.0strict
ORhtmlpurifierhtmlpurifierMatch1.6.0
ORhtmlpurifierhtmlpurifierMatch1.6.0strict
ORhtmlpurifierhtmlpurifierMatch1.6.1
ORhtmlpurifierhtmlpurifierMatch1.6.1strict
ORhtmlpurifierhtmlpurifierMatch2.0.0
ORhtmlpurifierhtmlpurifierMatch2.0.0strict
ORhtmlpurifierhtmlpurifierMatch2.0.1
ORhtmlpurifierhtmlpurifierMatch2.0.1strict
ORhtmlpurifierhtmlpurifierMatch2.1.0
ORhtmlpurifierhtmlpurifierMatch2.1.0lite
ORhtmlpurifierhtmlpurifierMatch2.1.0standalone
ORhtmlpurifierhtmlpurifierMatch2.1.0strict
ORhtmlpurifierhtmlpurifierMatch2.1.0strict-lite
ORhtmlpurifierhtmlpurifierMatch2.1.0strict-standalone
ORhtmlpurifierhtmlpurifierMatch2.1.1
ORhtmlpurifierhtmlpurifierMatch2.1.1lite
ORhtmlpurifierhtmlpurifierMatch2.1.1standalone
ORhtmlpurifierhtmlpurifierMatch2.1.1strict
ORhtmlpurifierhtmlpurifierMatch2.1.1strict-lite
ORhtmlpurifierhtmlpurifierMatch2.1.1strict-standalone
ORhtmlpurifierhtmlpurifierMatch2.1.2
ORhtmlpurifierhtmlpurifierMatch2.1.2lite
ORhtmlpurifierhtmlpurifierMatch2.1.2standalone
ORhtmlpurifierhtmlpurifierMatch2.1.2strict
ORhtmlpurifierhtmlpurifierMatch2.1.2strict-lite
ORhtmlpurifierhtmlpurifierMatch2.1.2strict-standalone
ORhtmlpurifierhtmlpurifierMatch2.1.3
ORhtmlpurifierhtmlpurifierMatch2.1.3lite
ORhtmlpurifierhtmlpurifierMatch2.1.3standalone
ORhtmlpurifierhtmlpurifierMatch2.1.3strict
ORhtmlpurifierhtmlpurifierMatch2.1.3strict-lite
ORhtmlpurifierhtmlpurifierMatch2.1.3strict-standalone
ORhtmlpurifierhtmlpurifierMatch2.1.4
ORhtmlpurifierhtmlpurifierMatch2.1.4lite
ORhtmlpurifierhtmlpurifierMatch2.1.4standalone
ORhtmlpurifierhtmlpurifierMatch2.1.5
ORhtmlpurifierhtmlpurifierMatch2.1.5lite
ORhtmlpurifierhtmlpurifierMatch2.1.5standalone
ORhtmlpurifierhtmlpurifierMatch3.0.0
ORhtmlpurifierhtmlpurifierMatch3.0.0lite
ORhtmlpurifierhtmlpurifierMatch3.0.0standalone
ORhtmlpurifierhtmlpurifierMatch3.1.0
ORhtmlpurifierhtmlpurifierMatch3.1.0lite
ORhtmlpurifierhtmlpurifierMatch3.1.0standalone
ORhtmlpurifierhtmlpurifierMatch3.1.0rc1
ORhtmlpurifierhtmlpurifierMatch3.1.0rc1lite
ORhtmlpurifierhtmlpurifierMatch3.1.0rc1standalone
ORhtmlpurifierhtmlpurifierMatch3.1.1
ORhtmlpurifierhtmlpurifierMatch3.1.1lite
ORhtmlpurifierhtmlpurifierMatch3.1.1standalone
ORhtmlpurifierhtmlpurifierMatch3.2.0
ORhtmlpurifierhtmlpurifierMatch3.2.0lite
ORhtmlpurifierhtmlpurifierMatch3.2.0standalone
ORhtmlpurifierhtmlpurifierMatch3.3.0
ORhtmlpurifierhtmlpurifierMatch3.3.0lite
ORhtmlpurifierhtmlpurifierMatch3.3.0standalone
ORhtmlpurifierhtmlpurifierMatch4.0.0
ORhtmlpurifierhtmlpurifierMatch4.0.0lite
ORhtmlpurifierhtmlpurifierMatch4.0.0standalone
Node
maharamaharaRange≤1.0.14
ORmaharamaharaMatch0.9.0
ORmaharamaharaMatch0.9.1
ORmaharamaharaMatch0.9.2
ORmaharamaharaMatch1.0.0
ORmaharamaharaMatch1.0.1
ORmaharamaharaMatch1.0.2
ORmaharamaharaMatch1.0.3
ORmaharamaharaMatch1.0.4
ORmaharamaharaMatch1.0.5
ORmaharamaharaMatch1.0.6
ORmaharamaharaMatch1.0.7
ORmaharamaharaMatch1.0.8
ORmaharamaharaMatch1.0.9
ORmaharamaharaMatch1.0.10
ORmaharamaharaMatch1.0.11
ORmaharamaharaMatch1.0.12
ORmaharamaharaMatch1.0.13
Node
maharamaharaMatch1.1.0
ORmaharamaharaMatch1.1.0alpha1
ORmaharamaharaMatch1.1.0alpha2
ORmaharamaharaMatch1.1.0alpha3
ORmaharamaharaMatch1.1.0beta1
ORmaharamaharaMatch1.1.0beta2
ORmaharamaharaMatch1.1.0beta3
ORmaharamaharaMatch1.1.0beta4
ORmaharamaharaMatch1.1.0rc1
ORmaharamaharaMatch1.1.0rc2
ORmaharamaharaMatch1.1.1
ORmaharamaharaMatch1.1.2
ORmaharamaharaMatch1.1.3
ORmaharamaharaMatch1.1.4
ORmaharamaharaMatch1.1.5
ORmaharamaharaMatch1.1.6
ORmaharamaharaMatch1.1.7
ORmaharamaharaMatch1.1.8
Node
maharamaharaMatch1.2.0
ORmaharamaharaMatch1.2.0alpha1
ORmaharamaharaMatch1.2.0alpha2
ORmaharamaharaMatch1.2.0alpha3
ORmaharamaharaMatch1.2.0beta1
ORmaharamaharaMatch1.2.0beta2
ORmaharamaharaMatch1.2.0beta3
ORmaharamaharaMatch1.2.0beta4
ORmaharamaharaMatch1.2.0rc1
ORmaharamaharaMatch1.2.1
ORmaharamaharaMatch1.2.2
ORmaharamaharaMatch1.2.3
ORmaharamaharaMatch1.2.4
References
htmlpurifier.org/news/2010/0531-4.1.1-released
repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230
secunia.com/advisories/39613
secunia.com/advisories/40431
wiki.mahara.org/Release_Notes/1.0.15
wiki.mahara.org/Release_Notes/1.1.9
wiki.mahara.org/Release_Notes/1.2.5
www.securityfocus.com/bid/41259
Related
osv
osv
HTML Purifier Cross-site Scripting (XSS) vulnerability
2022-05-17 05:49:44
HTML Purifier cross-site scripting (XSS) vulnerability
2022-05-13 01:07:48
mahara - several vulnerabilities
2010-07-02 00:00:00
friendsofphp
friendsofphp
XSS vulnerability exploitable on Internet Explorer
2010-06-01 00:00:00
XSS vulnerability exploitable on Internet Explorer
2010-06-01 00:00:00
prion
prion
Cross site scripting
2010-07-06 17:17:00
Cross site scripting
2010-11-05 17:00:00
ubuntucve
ubuntucve
CVE-2010-2479
2010-07-06 00:00:00
CVE-2010-4183
2010-11-05 00:00:00
nvd
nvd
CVE-2010-2479
2010-07-06 17:17:14
CVE-2010-4183
2010-11-05 17:00:03
github
github
HTML Purifier Cross-site Scripting (XSS) vulnerability
2022-05-17 05:49:44
HTML Purifier cross-site scripting (XSS) vulnerability
2022-05-13 01:07:48
cvelist
cvelist
CVE-2010-2479
2010-07-06 17:00:00
CVE-2010-4183
2022-10-03 16:21:05
debiancve
debiancve
CVE-2010-2479
2010-07-06 17:17:14
CVE-2010-4183
2022-10-03 16:21:05
cve
cve
CVE-2010-4183
2022-10-03 16:21:05
nessus
nessus
Fedora 14 : moodle-1.9.9-2.fc14 (2010-13396)
2010-08-24 00:00:00
Fedora 13 : moodle-1.9.9-2.fc13 (2010-13250)
2010-08-23 00:00:00
Fedora 12 : moodle-1.9.9-2.fc12 (2010-13254)
2010-08-23 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2010-13250
2010-08-24 00:00:00
Fedora Update for moodle FEDORA-2010-13396
2010-12-02 00:00:00
Fedora Update for moodle FEDORA-2010-13254
2010-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: moodle-1.9.9-2.fc14
2010-08-24 01:10:42
[SECURITY] Fedora 12 Update: moodle-1.9.9-2.fc12
2010-08-21 04:31:17
[SECURITY] Fedora 13 Update: moodle-1.9.9-2.fc13
2010-08-21 04:29:52
debian
debian
[SECURITY] [DSA-2067-1] New mahara packages fix several vulnerabilities
2010-07-02 16:16:39
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.7%
Related for CVE-2010-2479