RSS   Vulnerabilities for 'Json-sanitizer'   RSS

2021-01-13
 
CVE-2021-23900

NVD-CWE-noinfo
 

 
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

 
 
CVE-2021-23899

CWE-611
 

 
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.

 
2020-06-09
 
CVE-2020-13973

CWE-79
 

 
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.

 

 >>> Vendor: Owasp 9 Products
Webscarab
Stinger
Enterprise security api
Owasp modsecurity core rule set
Json-sanitizer
Enterprise security api for java
Csrfguard
Java html sanitizer
Zed attack proxy


Copyright 2024, cxsecurity.com

 

Back to Top