CVE-2010-2479 – ezyang/htmlpurifier

Package

Manager: composer
Name: ezyang/htmlpurifier
Vulnerable Version: >=0 <4.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00467 pctl0.63526

Details

HTML Purifier Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T05:49:44Z
Modified: 2024-04-23T17:13:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6rm6-mjmh-86jq/GHSA-6rm6-mjmh-86jq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-6rm6-mjmh-86jq
Finding: F008
Auto approve: 1