Fluid Attacks Database

Description

OWASP AntiSamy vulnerable to Cross-site Scripting In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libowasp-antisamy-java	=1.5.3+dfsg-1.1 \|\| =1.7.4-1	-
debian 12	libowasp-antisamy-java	=1.5.3+dfsg-1.1 \|\| =1.7.4-1	-
debian 13	libowasp-antisamy-java	>=0 <1.7.4-1	1.7.4-1
debian 14	libowasp-antisamy-java	>=0 <1.7.4-1	1.7.4-1
maven	org.owasp.antisamy:antisamy	>=0 <1.5.5	1.5.5

Aliases

1. CVE-2016-100062. NVD-2016-100063. OSV-DEBIAN-2016-100064. OSV-2016-100065. GCVE-2016-100066. SECURITY-TRACKER-CVE-2016-10006

References

1. https://github.com/epicosy/VUL4J-602. https://github.com/nahsra/antisamy/issues/23. https://web.archive.org/web/20170214025813/http://www.securityfocus.com/bid/951014. https://web.archive.org/web/20201207192053/http://www.securitytracker.com/id/1037532