Description
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
Vulnerable configurations
Configuration 1: version up to 83 (inclusive)
One of
cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:*:*:*:*:*:*:*:*
cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:42:*:*:*:*:*:*:*
cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:48:*:*:*:*:*:*:*
cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:50:*:*:*:*:*:*:*
cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:74:*:*:*:*:*:*:*
EPSS
Percentile: 45%
0.00221
Low
2.6 Low
CVSS2
Weaknesses
CWE-200
Related vulnerabilities
github
more than 3 years ago
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
EPSS
Percentile: 45%
0.00221
Low
2.6 Low
CVSS2
Weaknesses
CWE-200