Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management (CVE-2024-23635)

Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability...

CVE-2023-43643

CVE-2023-43643 concerns AntiSamy, a library for cleansing HTML. The connected documents confirm a mutation XSS (mXSS) vulnerability in Ant iSamy prior to 1.7.4 when preserveComments is enabled and certain tags are allowed, allowing crafted inputs to make comment-tag elements executable in sanitiz...