Description
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
References
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Patch, Vendor Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.5.5 (excluding)
cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*
EPSS
Percentile: 67%
0.00539
Low
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
ubuntu
about 9 years ago
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVSS3: 6.1
debian
about 9 years ago
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...
CVSS3: 6.1
github
more than 7 years ago
OWASP AntiSamy vulnerable to Cross-site Scripting