2 matches found
A vulnerability in the AntiSamy library (HtmlAgilityPack parser) for fast, customizable cleaning of HTML files allows attackers to perform cross-site scripting attacks.
The vulnerability of the HtmlAgilityPack parser library for performing fast, customizable HTML cleanup operations is related to the lack of measures taken to protect the structure of web pages due to access to the preserveComments directive. Exploiting this vulnerability allows a remote attacker ...
GHSA-2MRQ-W8PV-5PVQ Malicious input can provoke XSS when preserving comments
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability, the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in...