6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%
AntiSamy is vulnerable to Cross Site Scripting. The vulnerability arises due to flawed parsing of the HTML being sanitized. As a result an attacker can execute malicious JavaScript on client side by using certain crafty inputs resulting in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. The preserveComments
directive must be enabled in the AntiSamy policy file (e.g., antisamy.xml
) to get subjected to this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
owasp antisamy | le | 1.7.3 | |
owasp antisamy | le | 1.7.3 | |
libowasp-antisamy-java:sid | eq | 1.5.3+dfsg-1 |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%