OSVDB ID: 16612

Title: SafeHTML _writeAttrs() Quote Handling Security Bypass

Info

Dates

Disclosure: May 16, 2005
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

SafeHTML contains a flaw that may allow a remote attacker to bypass its HTML filtering through the quoting of HTML attribute values. The issue is triggered when the _writeAttrs() function, which writes out the attributes of filtered tags, mishandles quote characters in specially crafted HTML. A successful attack could allow a security bypass resulting in a loss of integrity.
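The following is an added example written for this entry; it is not SafeHTML's own PHP code and does not claim to reproduce _writeAttrs() line for line. It illustrates the bug class the description points at: an attribute writer that wraps values in quotes but never escapes quote characters inside them lets a crafted value close the quoted attribute and smuggle in a second one, so the filter's attribute whitelist is bypassed. The hardened writer beside it escapes the value and re-validates the attribute name. The tag, the allowed-attribute policy, the attacker string and all function names are assumptions made for the illustration; the re-parse step uses Python's html.parser to show what a downstream HTML parser would see.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical sanitizer policy: attributes allowed on <img> (assumption).
ALLOWED_ATTRS = {"src", "alt", "title"}

# Constructed attacker input: the double quote closes the title value so a
# quote-blind serializer emits a brand-new attribute after it.
ATTACKER_TITLE = 'x" onerror="alert(1)'


def filter_attrs(attrs):
    """Whitelist step: keep only allowed attribute names (case-insensitive)."""
    return {k.lower(): v for k, v in attrs.items() if k.lower() in ALLOWED_ATTRS}


def write_attrs_unsafe(attrs):
    """Flawed serializer: quotes each value but never escapes quotes inside it."""
    return "".join(' %s="%s"' % (name, value) for name, value in attrs.items())


def write_attrs_safe(attrs):
    """Hardened serializer: escape &, <, >, \" and ' and reject odd names."""
    out = []
    for name, value in attrs.items():
        # A name that is not a plain token cannot have passed the whitelist;
        # drop it rather than let it shape the output.
        if not re.fullmatch(r"[a-z][a-z0-9-]*", name):
            continue
        out.append(' %s="%s"' % (name, html.escape(value, quote=True)))
    return "".join(out)


def serialize_img(attrs, writer):
    """Run the whitelist and then the chosen attribute writer."""
    return "<img" + writer(filter_attrs(attrs)) + ">"


class _AttrCollector(HTMLParser):
    """Re-parse serializer output the way a browser would."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.attrs = dict(attrs)


def rendered_attrs(markup):
    """Attributes a downstream HTML parser actually sees on the <img>."""
    parser = _AttrCollector()
    parser.feed(markup)
    return parser.attrs


if __name__ == "__main__":
    user_attrs = {"src": "/a.png", "title": ATTACKER_TITLE}
    unsafe = serialize_img(user_attrs, write_attrs_unsafe)
    safe = serialize_img(user_attrs, write_attrs_safe)
    print("unsafe:", unsafe, "->", sorted(rendered_attrs(unsafe)))
    print("safe:  ", safe, "->", sorted(rendered_attrs(safe)))
```

Run as a script, the unsafe writer produces `<img src="/a.png" title="x" onerror="alert(1)">`, and the re-parse shows `onerror` as a live attribute even though it was never in the whitelist; the hardened writer produces `title="x&quot; onerror=&quot;alert(1)"`, which parses back to a single `title` attribute carrying the original string. The check a practitioner should apply to any sanitizer is the same: re-parse the serializer's output and confirm that the attribute set is exactly the whitelisted set.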

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

pixel-apes.com

SafeHTML

1.3.1
1.3.2

Credit

  • Nick Cleaton


Direct URL: http://osvdb.org/16612