CVE-2010-4183 - Vulnerability Details

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htmlpurifier	Htmlpurifier
Microsoft	Internet Explorer

Configuration 1 [-]

AND

OR	cpe:2.3:a:htmlpurifier:htmlpurifier::::::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:beta::::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.2:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.2.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.2:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0::strict-lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0::strict-standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1::strict-lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1::strict-standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2::strict-lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2::strict-standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3::strict:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3::strict-lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3::strict-standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:::::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0::lite:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0::standalone:::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1::::::
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:::::*
	cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:::::*
cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:::::::*
cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1::lite:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1::standalone:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:::::::*
cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0::lite:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0::standalone:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:::::::*
cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0::lite:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0::standalone:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0::lite:::::
cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0::standalone:::::

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://htmlpurifier.org/news/2010/0915-4.2.0-released
http://htmlpurifier.org/security/2010/css-quoting

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-11-05T16:28:00Z

Updated: 2024-09-16T18:33:51.198Z

Reserved: 2010-11-05T00:00:00Z

Link: CVE-2010-4183

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-11-05T17:00:03.203

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4183

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-05T16:28:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://htmlpurifier.org/news/2010/0915-4.2.0-released"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://htmlpurifier.org/security/2010/css-quoting"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://htmlpurifier.org/news/2010/0915-4.2.0-released", "refsource": "CONFIRM", "url": "http://htmlpurifier.org/news/2010/0915-4.2.0-released"}, {"name": "http://htmlpurifier.org/security/2010/css-quoting", "refsource": "CONFIRM", "url": "http://htmlpurifier.org/security/2010/css-quoting"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.703Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://htmlpurifier.org/news/2010/0915-4.2.0-released"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://htmlpurifier.org/security/2010/css-quoting"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4183", "datePublished": "2010-11-05T16:28:00Z", "dateReserved": "2010-11-05T00:00:00Z", "dateUpdated": "2024-09-16T18:33:51.198Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "440617A3-2E6F-4D37-BD6C-27B8287B7B35", "versionEndIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24143435-62A6-470F-AC49-92175167F5B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "3E0FFD69-953B-4256-B865-3D9B15681597", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D62CE1F3-3667-46F4-B62F-456148267E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B70AF0F-5B3B-4D41-B4A7-9A04C790D703", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2E3DDFA-98AE-4908-AA90-1524A0850752", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05E7680A-9942-47D3-B8EA-C0830F30DE7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D14E3B6C-A386-469E-92BC-1830D1E572D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F167F4A-E18B-4E2D-8B0F-F6022759E069", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDBAD18A-26DB-49B9-AA19-CFA0BB4233F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "24A7F78E-4146-4EA0-A968-C2FED9F71300", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "10EEA88C-A2E2-4035-8A7C-921D3B8350F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:strict:*:*:*:*:*", "matchCriteriaId": "63E05515-EF1A-43AA-8125-3BC2EF46D6D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DE68DBD-C1E6-49E9-8E66-A9F49950E8F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:strict:*:*:*:*:*", "matchCriteriaId": "44887D47-30A3-4CAB-BA18-91CCB4C32333", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "67F9D661-CA8E-437B-BDD6-9B7749281BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:strict:*:*:*:*:*", "matchCriteriaId": "C05D43AF-2B7B-463B-A272-79F133C2F6EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "07EE65FF-653C-49E6-82AE-F5E72BA5C6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:strict:*:*:*:*:*", "matchCriteriaId": "6F3C02BD-1BE2-4950-B712-5FFB8ECC2A2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E6CE6A7-9B74-4AD0-A7F9-62AF0B4C82AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:strict:*:*:*:*:*", "matchCriteriaId": "E3EFA8D3-646C-4F44-AD9F-410B202064B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "797CE25C-505D-4596-9021-B1EA43E6A767", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:strict:*:*:*:*:*", "matchCriteriaId": "0447936E-6DB9-4C77-8D66-02068690F074", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B54BDBD5-DD16-4E42-8FB7-BEC679AFCB6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:strict:*:*:*:*:*", "matchCriteriaId": "484F93BB-E787-4277-B166-147BA89E2627", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E63D5ECE-A527-4912-97B0-5AC318E27992", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:lite:*:*:*:*:*", "matchCriteriaId": "711DC856-A791-4C5B-AEEF-C7E25E068E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "B7E3F4CE-403E-429A-B6B9-820B75343AE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict:*:*:*:*:*", "matchCriteriaId": "1C8D2CE8-4773-46E6-A1D5-2B23E49E4DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-lite:*:*:*:*:*", "matchCriteriaId": "D950D749-B476-48D0-A789-55ADD9C73B8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-standalone:*:*:*:*:*", "matchCriteriaId": "57D3F6C3-6616-4FC0-AD0A-A98FB8F78E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "24177810-45DC-499E-B0F7-C3B9A40950B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:lite:*:*:*:*:*", "matchCriteriaId": "F37323C6-86F8-4BE5-A00B-21366A7190BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:standalone:*:*:*:*:*", "matchCriteriaId": "C9CA7EA8-670A-43FB-8466-C663AEEDEFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict:*:*:*:*:*", "matchCriteriaId": "F809E8DA-49EE-4509-BBE7-4B6D39965948", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-lite:*:*:*:*:*", "matchCriteriaId": "FAD9CEF2-F674-4B17-89E9-B7F7745704B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-standalone:*:*:*:*:*", "matchCriteriaId": "9EA1FFA7-DED0-4B05-81BE-E2AAA1DE6F6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "53C79A55-90D3-4DAE-B1A2-D53116864F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:lite:*:*:*:*:*", "matchCriteriaId": "1A9269ED-1A01-4677-B42D-95BBA6319EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:standalone:*:*:*:*:*", "matchCriteriaId": "9C3C9655-79F1-4D66-8830-1E630C436D59", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict:*:*:*:*:*", "matchCriteriaId": "FF260945-7E1E-400E-9CDE-D75498667483", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-lite:*:*:*:*:*", "matchCriteriaId": "E742FC87-C5EA-4D69-9AFA-5A5AE207FE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-standalone:*:*:*:*:*", "matchCriteriaId": "4DD9AD81-CDA5-4377-A9ED-67D04FECBE91", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF1314CE-89D9-40FC-9A33-31EB3B981A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:lite:*:*:*:*:*", "matchCriteriaId": "CAF341D6-E0D2-43F1-854E-6DCCE1BC2A45", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:standalone:*:*:*:*:*", "matchCriteriaId": "D1395209-C0A8-484E-891F-9BBFAAF5C680", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict:*:*:*:*:*", "matchCriteriaId": "09CDD264-F587-43C6-B8DD-BF6F05A1D785", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-lite:*:*:*:*:*", "matchCriteriaId": "C578396F-EFE9-49B2-8375-9DDE507D56EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-standalone:*:*:*:*:*", "matchCriteriaId": "115A93E1-7E60-4499-8E5D-0005FE01F1D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE055D0C-E7C9-4A4D-A156-86C1B5352A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:lite:*:*:*:*:*", "matchCriteriaId": "8075E2EB-A40F-4627-92AC-1485235691A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:standalone:*:*:*:*:*", "matchCriteriaId": "184370F0-FB8B-470C-AD96-75CCB68D37EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "39F54191-160A-456E-B049-093276C06F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:lite:*:*:*:*:*", "matchCriteriaId": "962A7056-71F8-4BA7-8664-B29A8E9CF83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:standalone:*:*:*:*:*", "matchCriteriaId": "929A6993-24FB-4665-8CC9-5F101A557BB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA3F7F1B-5F25-4092-8128-795544F386FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:lite:*:*:*:*:*", "matchCriteriaId": "F65FCFE7-4EA0-405F-AAE1-CDB9E58318F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "E6B5FBD8-2D09-4ABA-BC34-C9D9993E858E", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5624C862-D4B8-4A14-AD9F-A2E80BBBEB49", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:lite:*:*:*:*:*", "matchCriteriaId": "EFDE4099-9E43-4A2C-865C-C397CBE92609", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "C58ED5AB-F5FF-42A6-98D8-37D37D4054F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F1B3F5-C22C-46DD-B447-82F6E00B232A", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:*:*:*:*:*", "matchCriteriaId": "3EFE0D2B-D725-4588-935E-26E424CC8C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:*:*:*:*:*", "matchCriteriaId": "566EB415-EE50-4D32-81BB-58AC00FF6E80", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "74387F7F-6E01-4F92-AE5B-A8D39DA7DE07", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:lite:*:*:*:*:*", "matchCriteriaId": "4CABDC55-2753-4481-9613-5F83D2974E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:standalone:*:*:*:*:*", "matchCriteriaId": "BF967A1F-4B6E-4507-8DCF-DAC87EC8E276", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB2924AA-FFE7-4CE3-B4D1-4CE2BB496555", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:lite:*:*:*:*:*", "matchCriteriaId": "D905650B-10DD-492D-AC66-12DF313661F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "EFF61BFC-1139-47B4-82FA-9080F6F52648", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "049719CC-CDB8-466C-92F5-2918ABDD97BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:lite:*:*:*:*:*", "matchCriteriaId": "9DCF286B-76D2-4E3E-B05B-DA17C3FA0D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "99579DB2-D08A-46A2-9CE8-9C0A06AF2BB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:lite:*:*:*:*:*", "matchCriteriaId": "958E7E2C-58C0-42B5-96CB-93158EB3A185", "vulnerable": true}, {"criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:standalone:*:*:*:*:*", "matchCriteriaId": "FC1452C3-E3A9-490F-931D-4F173B6EFDEB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en HTML Purifier anterior v4.1.0, cuando se usa Internet Explorer, permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de las propiedades manipuladas (1) background-image, (2) background, o (3) font-family Cascading Style Sheets (CSS) , una vulnerabilidad diferente a CVE-2010-2479."}], "id": "CVE-2010-4183", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-11-05T17:00:03.203", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://htmlpurifier.org/news/2010/0915-4.2.0-released"}, {"source": "cve@mitre.org", "url": "http://htmlpurifier.org/security/2010/css-quoting"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://htmlpurifier.org/news/2010/0915-4.2.0-released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://htmlpurifier.org/security/2010/css-quoting"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object