CWE: 79

CVE-2010-4183: XSS

First published: Mon Apr 26 2010

Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
composer/ezyang/htmlpurifier | <4.1.0 | 4.1.0

All of:

  • Any of: HTML Purifier <=4.0.0, 1.0.0, 1.0.0-beta, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 3.0.0, 3.1.0, 3.1.0-rc1, 3.1.1, 3.2.0, 3.3.0, 4.0.0

  • Internet Explorer


Frequently Asked Questions

  • What is the severity of CVE-2010-4183?

    CVE-2010-4183 is associated with multiple cross-site scripting (XSS) vulnerabilities, which are generally considered high severity due to their potential for exploiting user sessions.

  • How do I fix CVE-2010-4183?

    To fix CVE-2010-4183, upgrade to HTML Purifier version 4.1.0 or later, which addresses these security vulnerabilities.

  • Which software versions are affected by CVE-2010-4183?

    CVE-2010-4183 affects all versions of HTML Purifier prior to 4.1.0.

  • What kind of attacks can CVE-2010-4183 facilitate?

    CVE-2010-4183 allows remote attackers to inject arbitrary web scripts or HTML via specific CSS properties, leading to potential data theft or session hijacking.

  • Is Internet Explorer impacted by CVE-2010-4183?

    CVE-2010-4183 applies specifically when Internet Explorer is used; however, the vulnerability itself exists within HTML Purifier.
