MidnightBSD

Advisories for htmlpurifier

CVE-2010-2479 MEDIUM

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
htmlpurifier htmlpurifier 3.2.0
htmlpurifier htmlpurifier 1.6.0
htmlpurifier htmlpurifier 1.1.1
htmlpurifier htmlpurifier 1.0.1
htmlpurifier htmlpurifier 1.1.0
mahara mahara 1.2.0
mahara mahara 1.0.13
mahara mahara 1.2.4
htmlpurifier htmlpurifier 2.1.5
htmlpurifier htmlpurifier 3.1.0
mahara mahara 1.1.4
htmlpurifier htmlpurifier 1.6.1
mahara mahara 0.9.0
htmlpurifier htmlpurifier 2.0.1
htmlpurifier htmlpurifier 1.5.0
mahara mahara 1.0.7
mahara mahara 1.0.4
mahara mahara 1.2.2
mahara mahara 1.1.5
htmlpurifier htmlpurifier 3.1.1
mahara mahara 1.1.3
mahara mahara 1.0.2
mahara mahara 1.0.12
mahara mahara 1.1.0
htmlpurifier htmlpurifier 1.3.2
mahara mahara 1.2.1
htmlpurifier htmlpurifier 2.1.2
mahara mahara 1.0.1
mahara mahara 1.0.8
htmlpurifier htmlpurifier 3.3.0
htmlpurifier htmlpurifier 1.4.0
mahara mahara 1.0.6
mahara mahara 1.0.3
mahara mahara 1.2.3
htmlpurifier htmlpurifier 3.0.0
htmlpurifier htmlpurifier 1.4.1
mahara mahara 1.0.10
htmlpurifier htmlpurifier *
htmlpurifier htmlpurifier 1.2.0
htmlpurifier htmlpurifier 2.0.0
htmlpurifier htmlpurifier 4.0.0
htmlpurifier htmlpurifier 1.3.0
mahara mahara 1.0.0
mahara mahara *
htmlpurifier htmlpurifier 2.1.3
mahara mahara 1.1.7
htmlpurifier htmlpurifier 2.1.1
mahara mahara 0.9.2
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.4
htmlpurifier htmlpurifier 1.1.2
mahara mahara 1.1.1
mahara mahara 1.1.6
htmlpurifier htmlpurifier 1.3.1
mahara mahara 1.0.11
mahara mahara 1.0.5
mahara mahara 1.0.9
mahara mahara 1.1.2
htmlpurifier htmlpurifier 1.0.0
mahara mahara 1.1.8
mahara mahara 0.9.1

CVE-2010-4183 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
htmlpurifier htmlpurifier 3.2.0
htmlpurifier htmlpurifier 1.6.0
htmlpurifier htmlpurifier 1.1.1
htmlpurifier htmlpurifier 3.3.0
htmlpurifier htmlpurifier 1.0.1
htmlpurifier htmlpurifier 1.4.0
htmlpurifier htmlpurifier 1.1.0
htmlpurifier htmlpurifier 3.0.0
htmlpurifier htmlpurifier 1.4.1
htmlpurifier htmlpurifier *
htmlpurifier htmlpurifier 1.2.0
htmlpurifier htmlpurifier 2.0.0
htmlpurifier htmlpurifier 2.1.5
htmlpurifier htmlpurifier 4.0.0
htmlpurifier htmlpurifier 1.3.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 1.6.1
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.0.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 1.5.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.4
htmlpurifier htmlpurifier 1.1.2
htmlpurifier htmlpurifier 3.1.1
htmlpurifier htmlpurifier 1.3.1
htmlpurifier htmlpurifier 1.0.0
htmlpurifier htmlpurifier 1.3.2
htmlpurifier htmlpurifier 2.1.2

CVE-2011-3744 MEDIUM

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
htmlpurifier html_purifier 4.2.0