Description
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2005-4449 | Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T23:46:05.093Z
Reserved: 2005-12-21T00:00:00.000Z
Link: CVE-2005-4454
No data.
Status : Modified
Published: 2005-12-21T11:03:00.000
Modified: 2026-06-16T22:18:49.630
Link: CVE-2005-4454
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD