Moderate severity · NVD Advisory · Published Jun 29, 2007 · Updated Jun 16, 2026
CVE-2007-3498
Description
Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ezyang/htmlpurifier (Packagist) | < 2.0.1 | 2.0.1 |
Affected products
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*
References
- htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS (nvd, Patch, WEB)
- github.com/advisories/GHSA-6fh7-fwqj-mv49 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2007-3498 (ghsa, ADVISORY)
- exchange.xforce.ibmcloud.com/vulnerabilities/35300 (nvd, WEB)
- github.com/ezyang/htmlpurifier/commit/96b571d23639bd70768b8db626ecaf8bbb7ca5a3 (ghsa, WEB)
- github.com/ezyang/htmlpurifier/commits/v2.0.1/smoketests/configForm.php (ghsa, WEB)
- web.archive.org/web/20200228110020/http://www.securityfocus.com/bid/24699 (ghsa, WEB)
- osvdb.org/36722 (nvd)
- www.securityfocus.com/bid/24699 (nvd)