CVE-2010-2479

Published: 06/07/2010 Updated: 07/07/2010
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in HTML Purifier prior to 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product

htmlpurifier htmlpurifier

htmlpurifier htmlpurifier 3.1.0

htmlpurifier htmlpurifier 2.1.3

htmlpurifier htmlpurifier 2.1.0

htmlpurifier htmlpurifier 1.4.1

htmlpurifier htmlpurifier 1.4.0

htmlpurifier htmlpurifier 1.3.2

htmlpurifier htmlpurifier 3.3.0

htmlpurifier htmlpurifier 3.2.0

htmlpurifier htmlpurifier 3.0.0

htmlpurifier htmlpurifier 2.1.5

htmlpurifier htmlpurifier 2.1.2

htmlpurifier htmlpurifier 2.1.1

htmlpurifier htmlpurifier 2.0.0

htmlpurifier htmlpurifier 1.6.1

htmlpurifier htmlpurifier 1.1.1

htmlpurifier htmlpurifier 1.1.0

htmlpurifier htmlpurifier 1.0.1

htmlpurifier htmlpurifier 1.0.0

htmlpurifier htmlpurifier 4.0.0

htmlpurifier htmlpurifier 3.1.1

htmlpurifier htmlpurifier 2.1.4

htmlpurifier htmlpurifier 2.0.1

htmlpurifier htmlpurifier 1.6.0

htmlpurifier htmlpurifier 1.5.0

htmlpurifier htmlpurifier 1.3.0

htmlpurifier htmlpurifier 1.1.2

htmlpurifier htmlpurifier 1.3.1

htmlpurifier htmlpurifier 1.2.0

mahara mahara 1.0.0

mahara mahara 1.0.1

mahara mahara 1.0.2

mahara mahara 1.0.3

mahara mahara 1.0.4

mahara mahara 1.0.9

mahara mahara 1.0.10

mahara mahara 1.0.11

mahara mahara 1.0.12

mahara mahara 0.9.0

mahara mahara 1.0.5

mahara mahara 1.0.7

mahara mahara

mahara mahara 0.9.2

mahara mahara 1.0.6

mahara mahara 1.0.8

mahara mahara 1.0.13

mahara mahara 0.9.1

mahara mahara 1.1.4

mahara mahara 1.1.3

mahara mahara 1.1.2

mahara mahara 1.1.0

mahara mahara 1.1.8

mahara mahara 1.1.1

mahara mahara 1.1.5

mahara mahara 1.1.6

mahara mahara 1.1.7

mahara mahara 1.2.0

mahara mahara 1.2.1

mahara mahara 1.2.2

mahara mahara 1.2.4

mahara mahara 1.2.3

Vendor Advisories

Debian Bug report logs - #593301: moodle: CVE-2010-2479 xss vulnerability. Package: moodle; Maintainer for moodle is (unknown); Reported by: Michael Gilbert <michaelsgilbert@gmailcom>; Date: Tue, 17 Aug 2010 02:06:02 UTC; Severity: important; Tags: security; Found in version moodle/199-2; Fixed in version moodle/199dfsg2 ...
Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-1667: Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. CVE-2010-1668: Multiple forms ...