Produkt Antisamy (...) - CVEMAP.ORG

Podatności dla 'Antisamy'

2018-08-20

CVE-2018-1000643

CWE-79

DISPUTED OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM that can result in Cross Site Scripting. NOTE: This has been disputed as a false positive.

2017-09-25

CVE-2017-14735

CWE-79

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

2016-12-24

CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Copyright 2024, cxsecurity.com