3 matches found
Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in OWASP Java HTML Sanitizer via HtmlPolicyBuilder noscript/style Tags (v20240325.1), affects watsonx.data
Summary A vulnerability in OWASP Java HTML Sanitizer v20240325.1 allows Cross-Site Scripting XSS when HtmlPolicyBuilder permits noscript or style tags with allowTextIn. Unsanitized CSS or unexpected tags can be exploited by attackers. No patch is available at the time of this publication. This ca...
DOM-based XSS com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer Dependency in Bamboo Data Center and Server
This High severity DOM-based XSS vulnerability known as CVE-2025-66021 was introduced in versions 10.2.9, 11.0.7, 12.0.1, and 12.1.0 of Bamboo Data Center and Server. This DOM-based XSS vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
CVE-2025-66021
OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...