Advisories for Composer/Ezyang/Htmlpurifier package

2022
2010

Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.