Описание
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
A flaw was found in AnitSamy, where it allows a Cross-site Scripting attack (XSS) via HTML attributes when using the HTML output serializer (XHTML is not affected). This issue was demonstrated by a javascript: URL with : as the replacement for the : character. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Отчет
Marking Red Hat JBoss Fuse 6 as having a low impact. Although AntiSamy is present in the offline repository, it is not used. This vulnerability is out of security support scope for the following products:
- Red Hat JBoss Fuse 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | OWASP AntiSamy | Out of support scope |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...
Уязвимость библиотеки для выполнения быстрой настраиваемой очистки HTML AntiSamy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
8.8 High
CVSS3