Moderate severityNVD Advisory· Published Jul 6, 2010· Updated Apr 29, 2026
CVE-2010-2479
CVE-2010-2479
Description
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezyang/htmlpurifierPackagist | < 4.1.1 | 4.1.1 |
Affected products
127cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:*:*:*:*:*:*+ 77 more
- cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:*:*:*:*:*:*range: <=4.1.0
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:lite:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:standalone:*:*:*:*:*
- cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:lite:*:*:*:*:*range: <=4.1.0
- cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:standalone:*:*:*:*:*range: <=4.1.0
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*+ 48 more
- cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*range: <=1.0.14
- cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- htmlpurifier.org/news/2010/0531-4.1.1-releasednvdPatchWEB
- www.securityfocus.com/bid/41259nvdPatchWEB
- secunia.com/advisories/39613nvdVendor AdvisoryWEB
- secunia.com/advisories/40431nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-6rm6-mjmh-86jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2010-2479ghsaADVISORY
- repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230nvdWEB
- wiki.mahara.org/Release_Notes/1.0.15nvdWEB
- wiki.mahara.org/Release_Notes/1.1.9nvdWEB
- wiki.mahara.org/Release_Notes/1.2.5nvdWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/ezyang/htmlpurifier/CVE-2010-2479.yamlghsaWEB
News mentions
0No linked articles in our index yet.