Описание
Cross-site Scripting in OWASP AntiSamy
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-35043
- https://github.com/nahsra/antisamy/pull/87
- https://github.com/nahsra/antisamy/releases/tag/v1.6.4
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Пакеты
org.owasp.antisamy:antisamy
>= 1.5.7, < 1.6.4
1.6.4
Связанные уязвимости
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...
Уязвимость библиотеки для выполнения быстрой настраиваемой очистки HTML AntiSamy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки