Vulnerabilities for 'Antisamy'

2018-08-20
 
CVE-2018-1000643

CWE-79
 

 
** DISPUTED ** OWASP AntiSamy version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan(), for both SAX and DOM, that can result in Cross Site Scripting. NOTE: This has been disputed as a false positive.

 
2017-09-25
 
CVE-2017-14735

CWE-79
 

 
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

 
2016-12-24
 
CVE-2016-10006

 

 
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

 


Copyright 2024, cxsecurity.com

 
