12 matches found
CVE-2025-66021
OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP Java HTML Sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...
PT-2025-48110
Name of the Vulnerable Software and Affected Versions: OWASP Java HTML Sanitizer versions 20240325.1. Description: OWASP Java HTML Sanitizer is vulnerable to Cross-Site Scripting (XSS) when the HtmlPolicyBuilder allows noscript and style tags with allowTextIn enabled within the style tag. This occurs...
EUVD-2021-2151
Malware in sbrugna...
new packages: owasp-java-encoder
An update is available for owasp-java-encoder. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
Policies not properly enforced in OWASP Java HTML Sanitizer
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
rhel8 bug fix and enhancement update
An update is available for jmc, ee4j-parent, jaf, HdrHistogram, lz4-java, owasp-java-encoder, directory-maven-plugin, jmc-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Fedora Update for owasp-java-html-sanitizer FEDORA-2016-f3b40fcbc3
The remote host is missing an update for the...
OWASP Java Encoder Filter Bypass
Product: OWASP Java Encoder; Vulnerability: Mutation Based XSS Bypass; Impact: Medium/Limited; Authors: Rafay Baloch and Alex Infuhr; Company: RHAinfoSEC; Website: http://services.rafayhackingarticles.net; Status: To be fixed in the next release. Description: OWASP encoder is an...
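OWASP Java HTML Sanitizer Information Disclosure Vulnerability
Bugtraq ID: 50748; CVE ID: CVE-2011-4457. Owasp-java-html-sanitizer is a Java-based HTML filtering application used to protect against XSS. OWASP HTML Sanitizer has a vulnerability when the filtered content is interacted with by the user and JavaScript is disabled, which allows redirection or a POST to an arbitrary URL, leading to disclosure of sensitive information. Vendor solution: OWASP Java HTML Sanitizer r88 has fixed this vulnerability; users are advised to download and use it: http://code.google.com/p/owasp-java-html-sanitiz...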