Description
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
References
- https://nvd.nist.gov/vuln/detail/CVE-2011-4457
- https://github.com/OWASP/java-html-sanitizer/commit/2027d3df73f62eb30b7f08269f346989f03144bd
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/change_log.md?plain=1#L103
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/docs/cve20114457.md
- http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457
- http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html
Packages
Name: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (maven)
Affected versions: < 88
Fixed version: 88
Related vulnerabilities
nvd
about 14 years ago
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.