CVE-2010-4183: Cross-site Scripting

November 5, 2010 (updated November 9, 2010)

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

References

htmlpurifier.org/security/2010/css-quoting

Detect and mitigate CVE-2010-4183 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →