N/A

Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.

N/A

N/A

LiveJournal Cleanhtml.PL HTML注入漏洞

LiveJournal CVS在Dec 7 2005之前版本中的cleanhtml.pl 1.129存在过滤器前验证漏洞， 在启用了 cleancss选项时，远程攻击者可以通过样式属性(如"java\cript")中"javascript"模式内的一个"\"(反斜杆)发起跨站脚本攻击(XSS)，攻击可在"\"剥离之前绕过"javascript"检查，之后在支持样式表内脚本的web浏览器中进行渲染。

N/A

N/A