CVE-2005-4455 Information

Description

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML via vectors such as customview.cgi.

Reference

http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl http://secunia.com/advisories/18157