CVE-2010-4183

Htmlpurifier < 4.0.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

References (2)

[Vendor Advisory] http://htmlpurifier.org/news/2010/0915-4.2.0-released

[Various Sources] http://htmlpurifier.org/security/2010/css-quoting

Scores

EPSS 0.0026

EPSS Percentile 49.4%

Classification

CWE

CWE-79

Status published

Affected Products (50)

htmlpurifier/htmlpurifier < 4.0.0

htmlpurifier/htmlpurifier

... and 35 more

Timeline

Published Nov 05, 2010

Tracked Since Feb 18, 2026