7 matches found

Positive Technologies
added 2023/11/27 12:00 a.m. · 2 views

PT-2023-33058 · Esapi · Esapi

Name of the Vulnerable Software and Affected Versions: ESAPI versions 1.3 through 2.5.x. Description: The Validator.isValidSafeHTML method can result in false negatives, reporting some input as safe when it is not, potentially leading to XSS vulnerabilities. This issue affects all versions of ESAP...

AI score: 6.5
Exploits: 0 · References: 3
Prion
added 2022/04/27 9:15 p.m. · 29 views

Cross site scripting

ESAPI (the OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS: 4.3 · AI score: 7.1 · EPSS: 0.01032
Exploits: 1 · References: 5 · Affected Software: 2
UbuntuCve
added 2022/04/27 9:15 p.m. · 42 views

CVE-2022-24891

ESAPI (the OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS: 6.1 · AI score: 6.8 · EPSS: 0.01032
Exploits: 1 · References: 5
Github Security Blog
added 2022/04/27 9:09 p.m. · 134 views

Cross-site Scripting in org.owasp.esapi:esapi

Impact: There is a potential for an XSS vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches: Patched in...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.01032
Exploits: 1 · References: 8 · Affected Software: 1
OSV
added 2022/04/27 12:00 a.m. · 27 views

CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file

ESAPI (the OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS: 5.4 · AI score: 6.4 · EPSS: 0.01032
Exploits: 1 · References: 8
Cvelist
added 2022/04/27 12:00 a.m. · 19 views

CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file

ESAPI (the OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS: 5.4 · AI score: 7.5 · EPSS: 0.01032
Exploits: 1 · References: 5
CVE
added 2022/04/27 12:00 a.m. · 808 views

CVE-2022-24891

CVE-2022-24891 affects ESAPI (antisamy-esapi.xml), where an incorrect regular expression for onsiteURL could allow "javascript:" URLs to escape proper sanitization. The issue is fixed in ESAPI 2.3.0.0; the workaround is to manually edit antisamy-esapi.xml to adjust the onsiteURL regex. Connected sources...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.01032
Exploits: 1 · References: 6 · Affected Software: 1