Skip to main content

CVE-2005-4454

Severity Medium
Score 4.3/10

Summary

Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.

  • MEDIUM
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

References

Advisory Timeline

  • Published