5 matches found
Malicious input can provoke XSS when preserving comments
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in...
mXSS in AntiSamy
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result,...
ai.preferred:venom (>=4.1.3 <=4.2.7), at.ganzleicht.vaadin:vaadin-client-compiler (=9.1.3) +1063 more potentially affected by CVE-2022-29546 via net.sourceforge.htmlunit:neko-htmlunit (>=2.21 <=2.60.0)
net.sourceforge.htmlunit:neko-htmlunit MAVEN version =2.21, =4.1.3, =1.0.0, =1.0.0, =1.0.0, =1, =2.0, =0.9.6, =0.9.6, =0.0.10, =0.14, =5.4.0, =5.4.0, =6.1.3 and more Source cves: CVE-2022-29546 Source advisory: OSV:GHSA-6JMM-MP6W-4RRG...
Denial Of Service (DoS)
neko-htmlunit is vulnerable to denial of service. An attacker can crash the application through an out-of-memory exception in the scanPI function of HTMLScanner.java by providing a specially crafted processing instruction...
at.willhaben.willtest:browserstack (>=1.0.0 <=1.1.8), at.willhaben.willtest:core (>=1.0.0 <=1.1.8) +417 more potentially affected by CVE-2022-28366 via net.sourceforge.htmlunit:neko-htmlunit (>=2.21 <=2.25)
net.sourceforge.htmlunit:neko-htmlunit MAVEN version =2.21, =1.0.0, =1.0.0, =1.0.0, =1, =0.0.10, =0.14, =1.0, =3.6.1, =2.60, =0.0.1, =16.07.16, =16.10.21 and more Source cves: CVE-2022-28366 Source advisory: OSV:GHSA-G9HH-VVX3-V37V...