This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Htmlpurifier | First view | 2010-07-06 |
| Product | Htmlpurifier | Last view | 2010-11-05 |
| Version | 2.1.1 | Type | Application |
| Update | * | ||
| Edition | strict | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:htmlpurifier:htmlpurifier | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2010-11-05 | CVE-2010-4183 | Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. |
| 4.3 | 2010-07-06 | CVE-2010-2479 | Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 69226 | HTML Purifier Font Family CSS Property XSS |
| 69225 | HTML Purifier Crafted Background XSS |
| 64113 | HTML Purifier Unspecified XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-12-02 | Name : Fedora Update for moodle FEDORA-2010-13396 File : nvt/gb_fedora_2010_13396_moodle_fc14.nasl |
| 2010-08-24 | Name : Fedora Update for moodle FEDORA-2010-13250 File : nvt/gb_fedora_2010_13250_moodle_fc13.nasl |
| 2010-08-24 | Name : Fedora Update for moodle FEDORA-2010-13254 File : nvt/gb_fedora_2010_13254_moodle_fc12.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-08-24 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13396.nasl - Type: ACT_GATHER_INFO |
| 2010-08-23 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13250.nasl - Type: ACT_GATHER_INFO |
| 2010-08-23 | Name: The remote Fedora host is missing a security update. File: fedora_2010-13254.nasl - Type: ACT_GATHER_INFO |
| 2010-07-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2067.nasl - Type: ACT_GATHER_INFO |
