GHSA-9C8W-JRW3-Q2C3 Cross-site Scripting in OWASP AntiSamy
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer XHTML is not affected. This was demonstrated by a javascript: URL with &00058 as the replacement for the : character...