Lucene search
GoogleOSV:GHSA-9C8W-JRW3-Q2C3HistoryAug 02, 2021 - 4:58 p.m.
Cross-site Scripting in OWASP AntiSamy
2021-08-0216:58:43
Google
osv.dev
12
owasp
antisamy
xss
html attributes
javascript url
EPSS
0.001
Percentile
40.3%
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
References
github.com/nahsra/antisamy
github.com/nahsra/antisamy/pull/87
github.com/nahsra/antisamy/releases/tag/v1.6.4
nvd.nist.gov/vuln/detail/CVE-2021-35043
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
debiancve
debiancve
CVE-2021-35043
2021-07-19 15:15:07
github
github
Cross-site Scripting in OWASP AntiSamy
2021-08-02 16:58:43
ubuntucve
ubuntucve
CVE-2021-35043
2021-07-19 00:00:00
nvd
nvd
CVE-2021-35043
2021-07-19 15:15:07
redhatcve
redhatcve
CVE-2021-35043
2021-07-23 11:49:38
cvelist
cvelist
CVE-2021-35043
2021-07-19 14:53:09
prion
prion
Cross site scripting
2021-07-19 15:15:00
osv
osv
CVE-2021-35043
2021-07-19 15:15:07
veracode
veracode
Cross-Site Scripting (XSS)
2021-09-17 07:40:27
cve
cve
CVE-2021-35043
2021-07-19 15:15:07
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00