Vulnerability Name: CVE-2010-2479 (CCN-58146)

Assigned: 2010-04-26
Published: 2010-04-26
Updated: 2010-07-07
Summary: Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2010-2479

Source: CCN
Type: HTML Purifier Web Site
HTML Purifier 4.1 released

Source: CONFIRM
Type: Patch
http://htmlpurifier.org/news/2010/0531-4.1.1-released

Source: CONFIRM
Type: UNKNOWN
http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230

Source: CCN
Type: SA39613
HTML Purifier Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39613

Source: CCN
Type: SA40431
Mahara Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
40431

Source: CONFIRM
Type: UNKNOWN
http://wiki.mahara.org/Release_Notes/1.0.15

Source: CONFIRM
Type: UNKNOWN
http://wiki.mahara.org/Release_Notes/1.1.9

Source: CCN
Type: Mahara Web site
1.2.5 - Mahara Wiki

Source: CONFIRM
Type: UNKNOWN
http://wiki.mahara.org/Release_Notes/1.2.5

Source: DEBIAN
Type: DSA-2067
mahara -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 64113
HTML Purifier Unspecified XSS

Source: CCN
Type: OSVDB ID: 69225
HTML Purifier Crafted Background XSS

Source: CCN
Type: OSVDB ID: 69226
HTML Purifier Font Family CSS Property XSS

Source: CCN
Type: BID-39709
HTML Purifier Unspecified Cross-Site Scripting Vulnerability

Source: BID
Type: Patch
41259

Source: CCN
Type: BID-41259
HTML Purifier Versions Prior to 4.1.1 Unspecified Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
htmlpurifier-unspecified-xss(58146)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:htmlpurifier:htmlpurifier:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.4.0:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.4.1:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.5.0:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.6.0:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:1.6.1:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.0.0:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.0.1:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:strict-lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.0:*:strict-standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:strict-lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.1:*:strict-standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:strict-lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.2:*:strict-standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:strict:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:strict-lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.3:*:strict-standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.4:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.4:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.5:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:2.1.5:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.0.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.0.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.1:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.1.1:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.2.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.2.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.3.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:3.3.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:4.0.0:*:lite:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:4.0.0:*:standalone:*:*:*:*:*
  • OR cpe:/a:htmlpurifier:htmlpurifier:*:*:*:*:*:*:*:* (Version <= 4.1.0)
  • OR cpe:/a:htmlpurifier:htmlpurifier:*:*:lite:*:*:*:*:* (Version <= 4.1.0)
  • OR cpe:/a:htmlpurifier:htmlpurifier:*:*:standalone:*:*:*:*:* (Version <= 4.1.0)

Configuration 2:
  • cpe:/a:mahara:mahara:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:*:*:*:*:*:*:*:* (Version <= 1.0.14)

Configuration 3:
  • cpe:/a:mahara:mahara:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.8:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:mahara:mahara:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.2.4:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:11886 | P | DSA-2067 mahara -- several vulnerabilities | 2014-07-21
oval:org.mitre.oval:def:13104 | P | DSA-2067-1 mahara -- several | 2014-06-23
oval:org.debian:def:2067 | V | several vulnerabilities | 2010-07-02