CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2021-35043
https://notcve.org/view.php?id=CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character. OWASP AntiSamy versiones anteriores a 1.6.4, permite un ataque de tipo XSS por medio de atributos HTML cuando se usa el serializador de salida HTML (XHTML no está afectado). Esto fue demostrado por un javascript: URL con : como reemplazo del carácter • https://github.com/nahsra/antisamy/pull/87 https://github.com/nahsra/antisamy/releases/tag/v1.6.4 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14735
https://notcve.org/view.php?id=CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. OWASP AntiSamy hasta la versión 1.5.7 permite que se produzca Cross-Site Scripting (XSS) mediante entidades HTML5, tal y como demuestra el uso de : (:) para construir un javascript: URL. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105656 https://github.com/nahsra/antisamy/issues/10 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10006
https://notcve.org/view.php?id=CVE-2016-10006
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. En OWASP AntiSamy en versiones anteriores a 1.5.5, presentando una entrada especialmente manipulada (una etiqueta que admita estilos con contenido activo), podría eludir las protecciones de la biblioteca y suministrar código ejecutable. El impacto es XSS. • http://www.securityfocus.com/bid/95101 http://www.securitytracker.com/id/1037532 https://github.com/nahsra/antisamy/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •