Cross-site Scripting (XSS)

esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL regular expression of antisamy-esapi.xml, allowing an attacker to inject and execute malicious javascript...