Vulnerabilities > CVE-2005-1638 - Unspecified vulnerability in Pixel-Apes Group Safehtml

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

pixel-apes-group

NVD

Published: 2005-05-17

Updated: 2008-09-05

Summary

The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.

Vulnerable Configurations

Part	Description	Count
Application	Pixel-Apes_Group Pixel Apes Group Safehtml 1.1.0 Pixel Apes Group Safehtml 1.2.0 Pixel Apes Group Safehtml 1.2.1 Pixel Apes Group Safehtml 1.3.0 Pixel Apes Group Safehtml 1.3.1	5

References

http://pixel-apes.com/safehtml/feed
http://secunia.com/advisories/15371
http://www.osvdb.org/16612