Lucene search
K
Antisamy ProjectAntisamy

8 matches found

CVE
CVE
added 2024/02/02 4:32 p.m.223 views

CVE-2024-23635

CVE-2024-23635 affects AntiSamy prior to version 1.7.5, due to flawed HTML parsing when preserveComments is enabled, enabling potential mutation XSS. The connected IBM advisories confirm the issue and indicate the fix is to upgrade AntiSamy to 1.7.5 or newer. Practical impact is cross-site script...

6.1CVSS5.7AI score0.00368EPSS
CVE
CVE
added 2022/04/21 10:41 p.m.177 views

CVE-2022-28366

CVE-2022-28366 affects Neko HTML parsers used by HtmlUnit-Neko (up to 2.26; fixed in 2.27) and by CyberNeko HTML (up to 1.9.22; 1.9.22 is the last release). The issue is a denial of service via crafted Processing Instruction input that leads to excessive heap memory consumption. OWASP AntiSamy be...

7.5CVSS7.1AI score0.02082EPSS
CVE
CVE
added 2022/04/21 10:42 p.m.158 views

CVE-2022-29577

AntiSamy vulnerability CVE-2022-29577 affects AntiSamy before 1.6.7, allowing cross-site scripting via HTML/CSS content smuggling in STYLE content. The flaw stems from incomplete encoding in the output serializer for CSS/CSS-like input, enabling an attacker to execute script in the victim’s brows...

6.1CVSS6.1AI score0.01282EPSS
CVE
CVE
added 2022/04/21 10:42 p.m.136 views

CVE-2022-28367

CVE-2022-28367 affects the OWASP AntiSamy library (pre-1.6.6) and enables cross-site scripting by smuggling CSS (STYLE) content; the output serializer fails to properly encode CSS content. Multiple connected sources (Nessus, IBM advisories, GitHub GHSA entries) corroborate XSS via STYLE/CSS input...

6.1CVSS5.7AI score0.00995EPSS
CVE
CVE
added 2021/07/19 2:53 p.m.135 views

CVE-2021-35043

CVE-2021-35043 affects OWASP AntiSamy prior to 1.6.4. The issue is a cross-site scripting (XSS) flaw in the HTML output serializer where HTML attributes can be exploited, demonstrated by a javascript: URL substituted via &#00058 for the colon character. The vulnerability is documented in OSV (GHS...

6.1CVSS5.9AI score0.01513EPSS
CVE
CVE
added 2017/09/25 9:0 p.m.133 views

CVE-2017-14735

CVE-2017-14735 affects OWASP AntiSamy prior to version 1.5.7, enabling XSS via HTML5 entities (e.g., using : to construct a javascript: URL). The connected data show affected bundles in Crucible prior to 4.7.1 and other Atlassian integrations, indicating the vulnerability can exist in embedded An...

6.1CVSS5.9AI score0.01664EPSS
CVE
CVE
added 2023/10/09 1:31 p.m.109 views

CVE-2023-43643

CVE-2023-43643 concerns AntiSamy, a library for cleansing HTML. The connected documents confirm a mutation XSS (mXSS) vulnerability in Ant iSamy prior to 1.7.4 when preserveComments is enabled and certain tags are allowed, allowing crafted inputs to make comment-tag elements executable in sanitiz...

6.1CVSS6.2AI score0.00473EPSS
CVE
CVE
added 2016/12/24 6:17 p.m.84 views

CVE-2016-10006

CVE-2016-10006 affects the HTML/CSS sanitizer library in OWASP AntiSamy prior to version 1.5.5. A specially crafted input (a tag that supports style with active content) could bypass protections and cause executable code to be executed in the context of affected applications, yielding a Cross‑Sit...

6.1CVSS6.1AI score0.02039EPSS