174 matches found
Update the bundled version of OWASP AntiSamy to address issues
The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting XSS vulnerability in AntiSamy.scan - for both SAX & DOM that can result in Cross Site Scripting...
GHSA-XV6V-72HH-G6G2 Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting XSS vulnerability in AntiSamy.scan - for both SAX & DOM that can result in Cross Site Scripting...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), co.pishfa.accelerate:accelerate-core (>=1.0.0 <=1.0.15) +425 more potentially affected by CVE-2017-14735 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.5.6)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =1.0.0, =1.0.0, =1.0.1 - co.pishfa.accelerate:accelerate-service =1.0.0 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certificatio...
OWASP AntiSamy Cross-site Scripting vulnerability
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
GHSA-Q44V-XC3G-V7JQ OWASP AntiSamy Cross-site Scripting vulnerability
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
OWASP AntiSamy vulnerable to Cross-site Scripting
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input a tag that supports style with active content, you could bypass the library protections and supply executable code. The impact is XSS...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), co.pishfa.accelerate:accelerate-core (>=1.0.0 <=1.0.15) +425 more potentially affected by CVE-2016-10006 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.5.3)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =1.0.0, =1.0.0, =1.0.1 - co.pishfa.accelerate:accelerate-service =1.0.0 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certificatio...
GHSA-683W-6H9J-57WQ OWASP AntiSamy vulnerable to Cross-site Scripting
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input a tag that supports style with active content, you could bypass the library protections and supply executable code. The impact is XSS...
OWASP AntiSamy Cross-Site Scripting Vulnerability (CNVD-2018-16313)
OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A cross-site scripting vulnerability exists in the 'AntiSamy.scan' function in OWASP AntiSamy 1.5.7 and earlier versions, which stems from the program failing to filter HTML/HTML5 elements. A remot...
Cross-site Scripting (XSS)
Antisamy is vulnerable to cross-site scripting XSS attacks. Using HTML5, attackers can inject and execute arbitrary webscript to an application...
OWASP AntiSamy Cross-Site Scripting Vulnerability
OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security vulnerability exists in OWASP AntiSamy 1.5.7 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of HTML5 entities...
CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
DEBIAN-CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
Cross site scripting
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
UBUNTU-CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
CVE-2017-14735
CVE-2017-14735 affects OWASP AntiSamy prior to version 1.5.7, enabling XSS via HTML5 entities (e.g., using : to construct a javascript: URL). The connected data show affected bundles in Crucible prior to 4.7.1 and other Atlassian integrations, indicating the vulnerability can exist in embedded An...
CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...