Vulnerabilities > CVE-2005-2608 - Cross-Site Scripting vulnerability in Safehtml 1.3.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
safehtml
Summary
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |