CVE-2025-66021

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

CVE-2025-66021

The CVE-2025-66021 entry concerns OWASP Java HTML Sanitizer (version 20240325.1). The vulnerability arises when HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag, enabling XSS if crafted payloads bypass CSS sanitization and include unallowed tags. Public detai...

EUVD-2025-199654

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

CVE-2025-66021 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

CVE-2025-66021 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...

au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0), br.com.jarch:jarch-apt (>=20.7.0 <=25.11.0) +744 more potentially affected by CVE-2025-66021 via com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (>=r136 <=20240325.1)

com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer MAVEN version =r136, =6.2.2, =20.7.0, =24.2.0, =20.7.0, =23.1.0, =24.2.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =8.6.8 and more Source cves: CVE-2025-66021 Source advisory:...

EUVD-2021-2151

Malware in sbrugna...

owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

Policies not properly enforced in OWASP Java HTML Sanitizer

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

Fedora Update for owasp-java-html-sanitizer FEDORA-2016-f3b40fcbc3

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OWASP Java HTML Sanitizer信息泄露漏洞

Bugtraq ID: 50748 CVE ID：CVE-2011-4457 Owasp-java-html-sanitizer是一款基于java的过滤HTML的应用，用于保护XSS。 当过滤内容与用户交互并且JavaScipt禁用时OWASP HTML Sanitizer存在漏洞，允许重定向或POST到任意URL。导致敏感信息泄露。 OWASP Java HTML Sanitizer 厂商解决方案 OWASP Java HTML Sanitizer r88已经修复此漏洞，建议用户下载使用： http://code.google.com/p/owasp-java-html-sanitiz...