HTML Purifier Unspecified Cross-Site Scripting Vulnerability
CNNVD ID | CNNVD-201007-043 | CVE ID | CVE-2010-2479 |
Published | 2010-07-08 | Updated | 2010-07-08 |
Vulnerability type | Cross-site scripting | Vulnerability source | N/A |
Severity | Medium | Threat type | Remote |
Vendor | mahara |
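Vulnerability description
Catalyst Mahara is a social networking system from Catalyst IT of New Zealand. The system includes blogs, a résumé builder, a file manager, and more.
HTML Purifier versions before 4.1.1, as used in Mahara and other products, contain a cross-site scripting (XSS) vulnerability. When Internet Explorer is used as the browser, remote attackers can inject arbitrary web script or HTML via unspecified vectors.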
Vulnerability patches
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
Debian Linux 5.0 ia-64
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 alpha
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 ia-32
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 s/390
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 mipsel
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 hppa
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 m68k
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 arm
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 armel
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 amd64
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 mips
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 powerpc
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
Debian Linux 5.0 sparc
Debian mahara-apache2_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
Debian mahara_1.0.4-4+lenny6_all.deb
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
References
Source: BID
Name: 41259
Link: http://www.securityfocus.com/bid/41259
Source: wiki.mahara.org
Link: http://wiki.mahara.org/Release_Notes/1.2.5
Source: wiki.mahara.org
Link: http://wiki.mahara.org/Release_Notes/1.1.9
Source: wiki.mahara.org
Link: http://wiki.mahara.org/Release_Notes/1.0.15
Source: SECUNIA
Name: 40431
Link: http://secunia.com/advisories/40431
Source: SECUNIA
Name: 39613
Link: http://secunia.com/advisories/39613
Source: repo.or.cz
Link: http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230
Affected entities
Mahara Mahara:1.0.13
Mahara Mahara:1.0.14
Mahara Mahara:0.9.1
Mahara Mahara:1.1.4
Mahara Mahara:1.1.3
Information source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201007-043
