CVE-2010-2479

EPSS 0.47%
Published 06.07.2010 17:17:14
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Htmlpurifier ≫ Htmlpurifier Version <= 4.1.0

Htmlpurifier ≫ Htmlpurifier Editionlite Version <= 4.1.0

Htmlpurifier ≫ Htmlpurifier Editionstandalone Version <= 4.1.0

Htmlpurifier ≫ Htmlpurifier Version1.0.0

Htmlpurifier ≫ Htmlpurifier Version1.0.0 Updatebeta

Htmlpurifier ≫ Htmlpurifier Version1.0.1

Htmlpurifier ≫ Htmlpurifier Version1.1.0

Htmlpurifier ≫ Htmlpurifier Version1.1.1

Htmlpurifier ≫ Htmlpurifier Version1.1.2

Htmlpurifier ≫ Htmlpurifier Version1.2.0

Htmlpurifier ≫ Htmlpurifier Version1.3.0

Htmlpurifier ≫ Htmlpurifier Version1.3.1

Htmlpurifier ≫ Htmlpurifier Version1.3.2

Htmlpurifier ≫ Htmlpurifier Version1.4.0

Htmlpurifier ≫ Htmlpurifier Version1.4.0 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version1.4.1

Htmlpurifier ≫ Htmlpurifier Version1.4.1 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version1.5.0

Htmlpurifier ≫ Htmlpurifier Version1.5.0 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version1.6.0

Htmlpurifier ≫ Htmlpurifier Version1.6.0 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version1.6.1

Htmlpurifier ≫ Htmlpurifier Version1.6.1 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.0.0

Htmlpurifier ≫ Htmlpurifier Version2.0.0 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.0.1

Htmlpurifier ≫ Htmlpurifier Version2.0.1 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.1.0

Htmlpurifier ≫ Htmlpurifier Version2.1.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.0 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version2.1.0 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.1.0 Editionstrict-lite

Htmlpurifier ≫ Htmlpurifier Version2.1.0 Editionstrict-standalone

Htmlpurifier ≫ Htmlpurifier Version2.1.1

Htmlpurifier ≫ Htmlpurifier Version2.1.1 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.1 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version2.1.1 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.1.1 Editionstrict-lite

Htmlpurifier ≫ Htmlpurifier Version2.1.1 Editionstrict-standalone

Htmlpurifier ≫ Htmlpurifier Version2.1.2

Htmlpurifier ≫ Htmlpurifier Version2.1.2 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.2 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version2.1.2 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.1.2 Editionstrict-lite

Htmlpurifier ≫ Htmlpurifier Version2.1.2 Editionstrict-standalone

Htmlpurifier ≫ Htmlpurifier Version2.1.3

Htmlpurifier ≫ Htmlpurifier Version2.1.3 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.3 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version2.1.3 Editionstrict

Htmlpurifier ≫ Htmlpurifier Version2.1.3 Editionstrict-lite

Htmlpurifier ≫ Htmlpurifier Version2.1.3 Editionstrict-standalone

Htmlpurifier ≫ Htmlpurifier Version2.1.4

Htmlpurifier ≫ Htmlpurifier Version2.1.4 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.4 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version2.1.5

Htmlpurifier ≫ Htmlpurifier Version2.1.5 Editionlite

Htmlpurifier ≫ Htmlpurifier Version2.1.5 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.0.0

Htmlpurifier ≫ Htmlpurifier Version3.0.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.0.0 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.1.0

Htmlpurifier ≫ Htmlpurifier Version3.1.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.1.0 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.1.0 Updaterc1

Htmlpurifier ≫ Htmlpurifier Version3.1.0 Updaterc1 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.1.0 Updaterc1 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.1.1

Htmlpurifier ≫ Htmlpurifier Version3.1.1 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.1.1 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.2.0

Htmlpurifier ≫ Htmlpurifier Version3.2.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.2.0 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version3.3.0

Htmlpurifier ≫ Htmlpurifier Version3.3.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version3.3.0 Editionstandalone

Htmlpurifier ≫ Htmlpurifier Version4.0.0

Htmlpurifier ≫ Htmlpurifier Version4.0.0 Editionlite

Htmlpurifier ≫ Htmlpurifier Version4.0.0 Editionstandalone

Mahara ≫ Mahara Version <= 1.0.14

Mahara ≫ Mahara Version0.9.0

Mahara ≫ Mahara Version0.9.1

Mahara ≫ Mahara Version0.9.2

Mahara ≫ Mahara Version1.0.0

Mahara ≫ Mahara Version1.0.1

Mahara ≫ Mahara Version1.0.2

Mahara ≫ Mahara Version1.0.3

Mahara ≫ Mahara Version1.0.4

Mahara ≫ Mahara Version1.0.5

Mahara ≫ Mahara Version1.0.6

Mahara ≫ Mahara Version1.0.7

Mahara ≫ Mahara Version1.0.8

Mahara ≫ Mahara Version1.0.9

Mahara ≫ Mahara Version1.0.10

Mahara ≫ Mahara Version1.0.11

Mahara ≫ Mahara Version1.0.12

Mahara ≫ Mahara Version1.0.13

Mahara ≫ Mahara Version1.1.0

Mahara ≫ Mahara Version1.1.0 Updatealpha1

Mahara ≫ Mahara Version1.1.0 Updatealpha2

Mahara ≫ Mahara Version1.1.0 Updatealpha3

Mahara ≫ Mahara Version1.1.0 Updatebeta1

Mahara ≫ Mahara Version1.1.0 Updatebeta2

Mahara ≫ Mahara Version1.1.0 Updatebeta3

Mahara ≫ Mahara Version1.1.0 Updatebeta4

Mahara ≫ Mahara Version1.1.0 Updaterc1

Mahara ≫ Mahara Version1.1.0 Updaterc2

Mahara ≫ Mahara Version1.1.1

Mahara ≫ Mahara Version1.1.2

Mahara ≫ Mahara Version1.1.3

Mahara ≫ Mahara Version1.1.4

Mahara ≫ Mahara Version1.1.5

Mahara ≫ Mahara Version1.1.6

Mahara ≫ Mahara Version1.1.7

Mahara ≫ Mahara Version1.1.8

Mahara ≫ Mahara Version1.2.0

Mahara ≫ Mahara Version1.2.0 Updatealpha1

Mahara ≫ Mahara Version1.2.0 Updatealpha2

Mahara ≫ Mahara Version1.2.0 Updatealpha3

Mahara ≫ Mahara Version1.2.0 Updatebeta1

Mahara ≫ Mahara Version1.2.0 Updatebeta2

Mahara ≫ Mahara Version1.2.0 Updatebeta3

Mahara ≫ Mahara Version1.2.0 Updatebeta4

Mahara ≫ Mahara Version1.2.0 Updaterc1

Mahara ≫ Mahara Version1.2.1

Mahara ≫ Mahara Version1.2.2

Mahara ≫ Mahara Version1.2.3

Mahara ≫ Mahara Version1.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.616

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/40431

Vendor Advisory

http://wiki.mahara.org/Release_Notes/1.0.15

http://wiki.mahara.org/Release_Notes/1.1.9

http://wiki.mahara.org/Release_Notes/1.2.5

http://htmlpurifier.org/news/2010/0531-4.1.1-released

Patch

http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230

http://secunia.com/advisories/39613

Vendor Advisory

http://www.securityfocus.com/bid/41259

Patch

https://nvd.nist.gov/vuln/detail/CVE-2010-2479

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2479

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2479

EUVD