CVE-2010-2479

Htmlpurifier < 4.1.0 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (8)

Scores

EPSS 0.0047
EPSS Percentile 64.1%

Classification

CWE
CWE-79
Status published

Affected Products (50)

htmlpurifier/htmlpurifier < 4.1.0
htmlpurifier/htmlpurifier < 4.1.0
htmlpurifier/htmlpurifier < 4.1.0
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
htmlpurifier/htmlpurifier
... and 35 more

Timeline

Published Jul 06, 2010
Tracked Since Feb 18, 2026