
12 matches found

Snyk
added 2025/06/29 11:41 a.m. | 1 view

Improper Neutralization of Special Elements

Overview org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the encodeForSQL function in the Encoder.java file. An attacker can manipulate SQ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00626
Exploits 0 | References 2
vulnersOsv
added 2025/06/29 11:41 a.m. | 5 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +557 more potentially affected by CVE-2025-5878 via org.owasp.esapi:esapi (>=2.0GA <=2.6.2.0)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

CVSS 7.5 | AI score 7 | EPSS 0.00626
Exploits 0
CVE
added 2025/06/29 11:11 a.m. | 38 views

CVE-2025-5878

CVE-2025-5878 affects the ESAPI Java legacy library, specifically the Encoder.encodeForSQL function in the SQL Injection Defense. The vulnerability arises from improper neutralization of special elements, enabling a remote attacker to exploit SQL injection. Public proof-of-concept exploits exist....

CVSS 7.5 | AI score 7.6 | EPSS 0.00626
Exploits 0 | References 10
Positive Technologies
added 2025/06/29 12:00 a.m. | 5 views

PT-2025-27359

Name of the Vulnerable Software and Affected Versions: ESAPI esapi-java-legacy versions prior to 2.7.0.0 Description: A vulnerability was found in the interface Encoder.encodeForSQL of the SQL Injection Defense, leading to an improper neutralization of special elements. The attack may be initiate...

CVSS 9.8 | AI score 6.6 | EPSS 0.01032
Exploits 3 | References 26
RedhatCVE
added 2025/05/22 10:10 p.m. | 5 views

CVE-2022-24891

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS 6.1 | AI score 5.9 | EPSS 0.01032
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 11:28 p.m. | 11 views

CVE-2022-23457

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 9.8 | AI score 6.7 | EPSS 0.00637
Exploits 2 | References 1
vulnersOsv
added 2023/10/27 9:55 p.m. | 3 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +530 more potentially affected by unknown CVE via org.owasp.esapi:esapi (>=2.0GA <=2.5.1.0)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

AI score 5.8
Exploits 0
vulnersOsv
added 2022/05/14 1:37 a.m. | 1 view

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +233 more potentially affected by CVE-2013-5960 via org.owasp.esapi:esapi (>=2.0.1 <=2.1.0)

org.owasp.esapi:esapi MAVEN version =2.0.1, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certification =5.2.1 -...

CVSS 5.8 | AI score 5.8 | EPSS 0.00174
Exploits 1
vulnersOsv
added 2022/04/27 9:09 p.m. | 2 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +516 more potentially affected by CVE-2022-24891 via org.owasp.esapi:esapi (>=2.0GA <=2.2.3.1)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

CVSS 6.1 | AI score 6.8 | EPSS 0.01032
Exploits 1
Positive Technologies
added 2022/04/27 12:00 a.m. | 5 views

PT-2022-16962

Name of the Vulnerable Software and Affected Versions ESAPI versions prior to 2.3.0.0 Description There is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. This can cause javascript:...

CVSS 9.8 | AI score 6.5 | EPSS 0.01032
Exploits 3 | References 23
Positive Technologies
added 2022/04/25 12:00 a.m. | 4 views

PT-2022-3553

Name of the Vulnerable Software and Affected Versions ESAPI versions prior to 2.3.0.0 Description The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially...

CVSS 9.8 | AI score 6.6 | EPSS 0.01032
Exploits 3 | References 26
Vulnrichment
added 2022/04/25 12:00 a.m. | 10 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 | AI score 9.5 | EPSS 0.00637
Exploits 2 | References 5
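The CVE-2022-23457 entries above (RedhatCVE, PT-2022-3553 and Vulnrichment) all turn on the same mistake: deciding that an input path is a child of a parent directory before the path has been fully resolved, or deciding it with a string-prefix comparison. The following is an added example of the containment check a practitioner would want, written against the JDK only; it is not ESAPI's implementation and does not reproduce the ESAPI bug. The class name, the helper isChildOf and the sample paths are constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not ESAPI code): canonical-path containment check.
 * The helper name and the sample base directory are assumptions.
 */
public class PathContainmentDemo {

    /**
     * True only if candidate, resolved against parent and normalized,
     * is parent itself or a descendant of it.
     */
    static boolean isChildOf(Path parent, String candidate) {
        Path base = parent.toAbsolutePath().normalize();
        // resolve() then normalize(): ".." segments are collapsed only after the
        // input has been anchored to the base, so the comparison sees the final path.
        Path resolved = base.resolve(candidate).toAbsolutePath().normalize();
        // Path.startsWith compares whole path components, not characters:
        // "/srv/app/uploads" does not "start" "/srv/app/uploads-old",
        // which a String.startsWith check would wrongly accept.
        return resolved.startsWith(base);
    }

    public static void main(String[] args) {
        Path uploads = Paths.get("/srv/app/uploads"); // constructed sample base directory
        String[] inputs = {
            "report.pdf",            // inside the base
            "2024/q1/report.pdf",    // nested inside the base
            "../config.yml",         // climbs out of the base
            "a/../../../etc/passwd", // climbs out after a legal hop
            "/etc/passwd",           // absolute input replaces the base on resolve()
            "../uploads-old/x.txt",  // sibling sharing a string prefix with the base
        };
        for (String in : inputs) {
            System.out.printf("%-26s -> %s%n", in, isChildOf(uploads, in) ? "ACCEPT" : "REJECT");
        }
    }
}
```

Only the first two inputs are accepted; the absolute path is rejected because Path.resolve discards the base when handed an absolute path, and the sibling directory is rejected because the comparison is component-wise. One caveat: normalize() is purely lexical. If the base directory can contain symbolic links pointing outside it, resolve the real paths with toRealPath() (which requires the file to exist) on both sides before the startsWith comparison.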