Strix
26.1K

CVE-2010-4183

UnknownEPSS 0.90%

Last modified

CVE-2010-4183 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.. EPSS estimates a 0.90% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

Metrics

EPSS Probability
0.90%

55.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HtmlpurifierHtmlpurifier<= 4.0.0
HtmlpurifierHtmlpurifier1.0.0
HtmlpurifierHtmlpurifier1.0.1
HtmlpurifierHtmlpurifier1.1.0
HtmlpurifierHtmlpurifier1.1.1
HtmlpurifierHtmlpurifier1.1.2
HtmlpurifierHtmlpurifier1.2.0
HtmlpurifierHtmlpurifier1.3.0
HtmlpurifierHtmlpurifier1.3.1
HtmlpurifierHtmlpurifier1.3.2
HtmlpurifierHtmlpurifier1.4.0
HtmlpurifierHtmlpurifier1.4.1
HtmlpurifierHtmlpurifier1.5.0
HtmlpurifierHtmlpurifier1.6.0
HtmlpurifierHtmlpurifier1.6.1
HtmlpurifierHtmlpurifier2.0.0
HtmlpurifierHtmlpurifier2.0.1
HtmlpurifierHtmlpurifier2.1.0
HtmlpurifierHtmlpurifier2.1.1
HtmlpurifierHtmlpurifier2.1.2
HtmlpurifierHtmlpurifier2.1.3
HtmlpurifierHtmlpurifier2.1.4
HtmlpurifierHtmlpurifier2.1.5
HtmlpurifierHtmlpurifier3.0.0
HtmlpurifierHtmlpurifier3.1.0
HtmlpurifierHtmlpurifier3.1.1
HtmlpurifierHtmlpurifier3.2.0
HtmlpurifierHtmlpurifier3.3.0
HtmlpurifierHtmlpurifier4.0.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-4183?
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
How severe is CVE-2010-4183?
Severity scoring for CVE-2010-4183 is pending analysis. The EPSS model estimates a 0.90% probability of exploitation in the next 30 days.
How do I fix CVE-2010-4183?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-4183?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST