Lucene search
+L

174 matches found

Atlassian
Atlassian
added 2019/07/09 2:28 a.m.38 views

Update the bundled version of OWASP AntiSamy to address issues

The bundled version of OWASP AntiSamy in Fisheye before version 4.7.1 was vulnerable to CVE-2017-14735 https://nvd.nist.gov/vuln/detail/CVE-2017-14735 and CVE-2016-10006 https://nvd.nist.gov/vuln/detail/CVE-2016-10006...

1.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/18 5:22 p.m.23 views

Moderate severity vulnerability that affects org.owasp.antisamy:antisamy

OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting XSS vulnerability in AntiSamy.scan - for both SAX & DOM that can result in Cross Site Scripting...

3.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2018/10/18 5:22 p.m.1 views

GHSA-XV6V-72HH-G6G2 Moderate severity vulnerability that affects org.owasp.antisamy:antisamy

OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting XSS vulnerability in AntiSamy.scan - for both SAX & DOM that can result in Cross Site Scripting...

5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2018/10/18 5:22 p.m.5 views

cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), co.pishfa.accelerate:accelerate-core (>=1.0.0 <=1.0.15) +425 more potentially affected by CVE-2017-14735 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.5.6)

org.owasp.antisamy:antisamy MAVEN version =1.4.3, =1.0.0, =1.0.0, =1.0.1 - co.pishfa.accelerate:accelerate-service =1.0.0 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certificatio...

6.1CVSS6.6AI score0.01664EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/18 5:22 p.m.36 views

OWASP AntiSamy Cross-site Scripting vulnerability

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS3.3AI score0.01664EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2018/10/18 5:22 p.m.3 views

GHSA-Q44V-XC3G-V7JQ OWASP AntiSamy Cross-site Scripting vulnerability

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS6.9AI score0.01664EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2018/10/18 5:21 p.m.39 views

OWASP AntiSamy vulnerable to Cross-site Scripting

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input a tag that supports style with active content, you could bypass the library protections and supply executable code. The impact is XSS...

6.1CVSS6.1AI score0.02039EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2018/10/18 5:21 p.m.5 views

cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), co.pishfa.accelerate:accelerate-core (>=1.0.0 <=1.0.15) +425 more potentially affected by CVE-2016-10006 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.5.3)

org.owasp.antisamy:antisamy MAVEN version =1.4.3, =1.0.0, =1.0.0, =1.0.1 - co.pishfa.accelerate:accelerate-service =1.0.0 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certificatio...

6.1CVSS6.3AI score0.02039EPSS
Exploits0
OSV
OSV
added 2018/10/18 5:21 p.m.20 views

GHSA-683W-6H9J-57WQ OWASP AntiSamy vulnerable to Cross-site Scripting

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input a tag that supports style with active content, you could bypass the library protections and supply executable code. The impact is XSS...

6.1CVSS6.1AI score0.02039EPSS
Exploits0References5
CNVD
CNVD
added 2018/08/22 12:0 a.m.4 views

OWASP AntiSamy Cross-Site Scripting Vulnerability (CNVD-2018-16313)

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A cross-site scripting vulnerability exists in the 'AntiSamy.scan' function in OWASP AntiSamy 1.5.7 and earlier versions, which stems from the program failing to filter HTML/HTML5 elements. A remot...

6.4AI score
Exploits0References1
Veracode
Veracode
added 2017/11/13 5:25 a.m.29 views

Cross-site Scripting (XSS)

Antisamy is vulnerable to cross-site scripting XSS attacks. Using HTML5, attackers can inject and execute arbitrary webscript to an application...

6.1CVSS7.5AI score0.01664EPSS
Exploits0References10Affected Software2
CNVD
CNVD
added 2017/09/26 12:0 a.m.5 views

OWASP AntiSamy Cross-Site Scripting Vulnerability

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security vulnerability exists in OWASP AntiSamy 1.5.7 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of HTML5 entities...

6.1CVSS6.6AI score0.01664EPSS
Exploits0References1
NVD
NVD
added 2017/09/25 9:29 p.m.33 views

CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS6.2AI score0.01664EPSS
Exploits0References9
OSV
OSV
added 2017/09/25 9:29 p.m.2 views

DEBIAN-CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS6.1AI score0.01664EPSS
Exploits0References1
OSV
OSV
added 2017/09/25 9:29 p.m.29 views

CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS5.9AI score
Exploits0References9
Prion
Prion
added 2017/09/25 9:29 p.m.19 views

Cross site scripting

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

4.3CVSS7.1AI score0.01664EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2017/09/25 9:29 p.m.26 views

CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS6.7AI score0.01664EPSS
Exploits0References2
OSV
OSV
added 2017/09/25 9:29 p.m.4 views

UBUNTU-CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

6.1CVSS6.7AI score0.01664EPSS
Exploits0References3
CVE
CVE
added 2017/09/25 9:0 p.m.138 views

CVE-2017-14735

CVE-2017-14735 affects OWASP AntiSamy prior to version 1.5.7, enabling XSS via HTML5 entities (e.g., using : to construct a javascript: URL). The connected data show affected bundles in Crucible prior to 4.7.1 and other Atlassian integrations, indicating the vulnerability can exist in embedded An...

6.1CVSS5.9AI score0.01664EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/09/25 9:0 p.m.52 views

CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

7.4AI score0.01664EPSS
Exploits0References9
Rows per page
Query Builder