J-Security Center

Title: SafeHTML Quotes Handling Security Bypass Vulnerability

Severity: MODERATE

Description:

SafeHTML is an HTML parser implemented in PHP. This application is designed to strip potentially malicious content such as tags and script code in HTML files.

It is reported that SafeHTML does not properly filter HTML entities. The problem occurs in '_writeAttrs()', which improperly handles quotes in attribute values. An attacker can manipulate the use of quotes to bypass the security restrictions applied by SafeHTML. This can allow the attacker to exploit latent vulnerabilities in an application protected by SafeHTML.

Failure to filter HTML content can result in the exploitation of various latent vulnerabilities in Web-based applications. A successful attack may facilitate HTML injection or cross-site scripting issues.

This issue has been addressed in SafeHTML version 1.3.2; earlier versions are reported vulnerable.
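The class of problem described above (quotes in attribute values surviving serialization) can be shown with a generic attribute writer. This is an added example, not SafeHTML's '_writeAttrs()' and not the 1.3.2 fix; the function names and the sample value are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not SafeHTML's own code.

// Naive writer: assumes the value never contains a quote character,
// so a literal " in the value ends the attribute early.
function write_attrs_naive(array $attrs): string
{
    $out = '';
    foreach ($attrs as $name => $value) {
        $out .= ' ' . $name . '="' . $value . '"';
    }
    return $out;
}

// Hardened writer: normalise entities, then re-encode every quote form.
function write_attrs_safe(array $attrs): string
{
    $out = '';
    foreach ($attrs as $name => $value) {
        // Drop attribute names that are not plain identifiers.
        if (!preg_match('/^[a-zA-Z][a-zA-Z0-9_:-]*$/', (string) $name)) {
            continue;
        }
        // Decode first so &quot;, &#34; and &#x22; all become a literal quote,
        // giving the encoder a single canonical form to work on.
        $plain = html_entity_decode((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Encode once, covering both " and ', so the value cannot close
        // the surrounding double-quoted attribute.
        $encoded = htmlspecialchars($plain, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $out .= ' ' . $name . '="' . $encoded . '"';
    }
    return $out;
}

// Constructed sample input: a title value carrying a literal double quote
// followed by text shaped like a second attribute.
$attrs = ['title' => 'x" data-injected="1'];

// The naive writer emits the quote as-is; the hardened writer keeps the
// whole string inside the title value.
echo '<a' . write_attrs_naive($attrs) . ">\n";
echo '<a' . write_attrs_safe($attrs) . ">\n";
```

Comparing the two output lines shows whether the serialized tag carries one attribute or two, which is the check to apply to any sanitizer's attribute output.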

Affected Products:

  • SafeHTML SafeHTML 1.1.0
  • SafeHTML SafeHTML 1.2.0
  • SafeHTML SafeHTML 1.2.1
  • SafeHTML SafeHTML 1.3.0
  • SafeHTML SafeHTML 1.3.1
