Vulnerability Description
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Livejournal | Livejournal | All versions |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1000.html
- http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl
- http://marc.info/?l=full-disclosure&m=113504421421972&w=2
- http://secunia.com/advisories/18157PatchVendor Advisory
- http://www.osvdb.org/21896
- http://www.securityfocus.com/bid/15990Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23839
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1000.html
- http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl
- http://marc.info/?l=full-disclosure&m=113504421421972&w=2
- http://secunia.com/advisories/18157PatchVendor Advisory
- http://www.osvdb.org/21896
- http://www.securityfocus.com/bid/15990Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23839
FAQ
What is CVE-2005-4454?
CVE-2005-4454 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) atta...
How severe is CVE-2005-4454?
CVE-2005-4454 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4454?
Check the references section above for vendor advisories and patch information. Affected products include: Livejournal Livejournal.