Ravens PHP Scripts

HTML Purifier Multiple Vulnerabilities
Date: Monday, March 28, 2011 @ 20:09:15 PDT
Topic: Security


SECUNIA ADVISORY ID: SA43907

VERIFY ADVISORY: http://secunia.com/advisories/43907/07

CRITICALITY: Moderately Critical

RELEASE DATE: 2011-03-28

DESCRIPTION: Some vulnerabilities have been reported in HTML Purifier, which can be exploited by malicious people to conduct script insertion attacks and potentially cause a DoS (Denial of Service). The vulnerabilities are reported in versions prior to 4.3.0.



1) Certain input passed, e.g. via CDATA and cssText/innerHTML, is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
2) An error exists within the "tokenizeDOM()" function in HTMLPurifier/Lexer/DOMLex.php while handling nested DOM objects. This can be exploited to exhaust the stack space and, for example, cause a crash.

SOLUTION: Update to version 4.3.0.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Neike Taika-Tessaro and Mario Heiderich.
2) Reported by the vendor.
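
Item 2 of the description concerns stack use that grows with DOM nesting depth. The following is an added illustration, not HTML Purifier's code and not part of the advisory: a DOM walk that keeps its work list on the heap and enforces a depth cap. The names tokenizeIterative and MAX_DEPTH, the token shape, and the limit value are assumptions made for this example.

```php
<?php
// Added illustration; not HTML Purifier code. All names here are hypothetical.
const MAX_DEPTH = 256; // assumed policy limit, not taken from the advisory

// Flatten a DOM subtree into start/text/end tokens without recursion.
// Nesting depth costs heap (the $stack array), not call-stack frames.
function tokenizeIterative(DOMNode $root, int $maxDepth = MAX_DEPTH): array
{
    $tokens = [];
    $stack = [[$root, 0, false]]; // entries: [node, depth, emit-end-tag?]
    while ($stack) {
        [$node, $depth, $closing] = array_pop($stack);
        if ($closing) {
            $tokens[] = ['end', $node->nodeName];
            continue;
        }
        if ($depth > $maxDepth) {
            throw new LengthException("nesting deeper than $maxDepth");
        }
        if ($node instanceof DOMText) { // DOMCdataSection extends DOMText
            $tokens[] = ['text', $node->data];
            continue;
        }
        if (!$node instanceof DOMElement) {
            continue; // comments, processing instructions, etc. are skipped
        }
        $tokens[] = ['start', $node->nodeName];
        $stack[] = [$node, $depth, true]; // end tag is emitted after the children
        for ($c = $node->lastChild; $c !== null; $c = $c->previousSibling) {
            $stack[] = [$c, $depth + 1, false]; // pushed reversed to keep document order
        }
    }
    return $tokens;
}

// Constructed sample input: nested elements built through the DOM API.
$doc = new DOMDocument();
$top = $cur = $doc->appendChild($doc->createElement('div'));
for ($i = 0; $i < 100; $i++) {
    $cur = $cur->appendChild($doc->createElement('div'));
}
$cur->appendChild($doc->createTextNode('leaf'));

echo count(tokenizeIterative($top)), " tokens\n";
try {
    tokenizeIterative($top, 50); // a stricter cap rejects the same tree
} catch (LengthException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```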






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3917