2 matches found
CVE-2010-4183
Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...
CVE-2010-4183
HTML Purifier 0.x/1.x up to 4.0.x is affected by CVE-2010-4183. When using Internet Explorer, an attacker can trigger XSS via crafted CSS properties (background-image, background, or font-family) to inject script/HTML. The vulnerability is tied to HTML Purifier before 4.1.0; remediation is to upg...