Search...

CVE-2016-10006

2016-12-24T18:59:00

ID CVE-2016-10006
Type cve
Reporter cve@mitre.org
Modified 2019-11-14T13:22:00

Description

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

JSON Vulners Source

Initial Source

{"id": "CVE-2016-10006", "bulletinFamily": "NVD", "title": "CVE-2016-10006", "description": "In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.", "published": "2016-12-24T18:59:00", "modified": "2019-11-14T13:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10006", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/95101", "https://github.com/nahsra/antisamy/issues/2", "http://www.securitytracker.com/id/1037532"], "cvelist": ["CVE-2016-10006"], "type": "cve", "lastseen": "2020-12-09T20:07:33", "edition": 6, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-683W-6H9J-57WQ"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CRUC-8410", "ATLASSIAN:FE-7202"]}], "modified": "2020-12-09T20:07:33", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2020-12-09T20:07:33", "rev": 2}, "vulnersScore": 4.2}, "cpe": [], "affectedSoftware": [{"cpeName": "antisamy_project:antisamy", "name": "antisamy project antisamy", "operator": "lt", "version": "1.5.5"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:antisamy_project:antisamy:1.5.5:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.5", "vulnerable": true}], "operator": "OR"}]}}

{"github": [{"lastseen": "2020-03-10T23:26:08", "bulletinFamily": "software", "cvelist": ["CVE-2016-10006"], "description": "In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.", "edition": 2, "modified": "2019-07-03T21:02:04", "published": "2018-10-18T17:21:47", "id": "GHSA-683W-6H9J-57WQ", "href": "https://github.com/advisories/GHSA-683w-6h9j-57wq", "title": "Moderate severity vulnerability that affects org.owasp.antisamy:antisamy", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "atlassian": [{"lastseen": "2020-12-24T14:35:20", "bulletinFamily": "software", "cvelist": ["CVE-2017-14735", "CVE-2016-10006"], "description": "The bundled version of OWASP AntiSamy in Crucible before version 4.7.1 was vulnerable to CVE-2017-14735 (https://nvd.nist.gov/vuln/detail/CVE-2017-14735) and CVE-2016-10006 (https://nvd.nist.gov/vuln/detail/CVE-2016-10006).", "edition": 3, "modified": "2019-12-10T04:12:12", "published": "2019-07-09T02:33:28", "id": "ATLASSIAN:CRUC-8410", "href": "https://jira.atlassian.com/browse/CRUC-8410", "title": "Update the bundled version of OWASP AntiSamy to address issues", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T14:35:30", "bulletinFamily": "software", "cvelist": ["CVE-2017-14735", "CVE-2016-10006"], "description": "The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 (https://nvd.nist.gov/vuln/detail/CVE-2017-14735) and CVE-2016-10006 (https://nvd.nist.gov/vuln/detail/CVE-2016-10006).", "edition": 3, "modified": "2019-12-10T04:12:22", "published": "2019-07-09T02:28:47", "id": "ATLASSIAN:FE-7202", "href": "https://jira.atlassian.com/browse/FE-7202", "title": "Update the bundled version of OWASP AntiSamy to address issues", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}