cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.
References
Link | Resource |
---|---|
http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl | |
http://secunia.com/advisories/18157 | Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2005-12-21 11:03
Updated : 2024-02-04 16:52
NVD link : CVE-2005-4455
Mitre link : CVE-2005-4455
CVE.ORG link : CVE-2005-4455
JSON object : View
Products Affected
livejournal
- livejournal
CWE