CVE-2021-42575
The IBM Jazz Reporting Service is affected by CVE-2021-42575 (OWASP Java HTML Sanitizer before 20211018.1 fails to properly enforce policies for SELECT, STYLE, and OPTION). Affected versions: 7.1, 7.0.3, 7.0.2. Remediation via IBM: apply the relevant iFix from Fix Central (7.1: iFix005; 7.0.3: iF...
CVE-2025-66021
The CVE-2025-66021 entry concerns OWASP Java HTML Sanitizer (version 20240325.1). The vulnerability arises when HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag, enabling XSS if crafted payloads bypass CSS sanitization and include unallowed tags. Public detai...