CVE-2010-2479

N/A Unknown

Published: July 06, 2010 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://htmlpurifier.org/news/2010/0531-4.1.1-released

Source: secalert@redhat.com

Patch

http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230

Source: secalert@redhat.com

http://secunia.com/advisories/39613

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/40431

Source: secalert@redhat.com

Vendor Advisory

http://wiki.mahara.org/Release_Notes/1.0.15

Source: secalert@redhat.com

http://wiki.mahara.org/Release_Notes/1.1.9

Source: secalert@redhat.com

http://wiki.mahara.org/Release_Notes/1.2.5

Source: secalert@redhat.com

http://www.securityfocus.com/bid/41259

Source: secalert@redhat.com

Patch

http://htmlpurifier.org/news/2010/0531-4.1.1-released