Advisories for Composer/Ezyang/Htmlpurifier package

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

Cross-site scripting (XSS) vulnerability in HTML Purifier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.