Candidate: CVE-2010-2479
PublicDate: 2010-07-06 17:17:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2479
 http://htmlpurifier.org/news/2010/0531-4.1.1-released
 http://wiki.mahara.org/Release_Notes/1.2.5
 http://wiki.mahara.org/Release_Notes/1.1.9
 http://wiki.mahara.org/Release_Notes/1.0.15
Description:
 Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as
 used in Mahara and other products, when the browser is Internet Explorer,
 allows remote attackers to inject arbitrary web script or HTML via
 unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mahara:
 upstream: http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230
 debdiff: https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/602772
upstream_mahara: released (1.0.15,1.1.9,1.2.5)
dapper_mahara: DNE
hardy_mahara: DNE
jaunty_mahara: released (1.0.9-2ubuntu0.7)
karmic_mahara: released (1.1.5-1ubuntu0.3)
lucid_mahara: released (1.2.4-1ubuntu0.1)
maverick_mahara: released (1.2.5-2)
devel_mahara: released (1.2.5-2)

Patches_php-htmlpurifier:
 upstream: http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230
upstream_php-htmlpurifier: released (4.1.1)
dapper_php-htmlpurifier: DNE
hardy_php-htmlpurifier: DNE
jaunty_php-htmlpurifier: DNE
karmic_php-htmlpurifier: released (3.3.0-1ubuntu0.1)
lucid_php-htmlpurifier: released (4.0.0+dfsg1-1ubuntu0.1)
maverick_php-htmlpurifier: not-affected (4.1.1+dfsg1-1)
devel_php-htmlpurifier: not-affected (4.1.1+dfsg1-1)