logo

Database

Reflected cross-site scripting (XSS) In libowasp-antisamy-java

Description

OWASP AntiSamy Cross-site Scripting vulnerability OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-147352. NVD-2017-147353. OSV-DEBIAN-2017-147354. OSV-2017-147355. GHSA-q44v-xc3g-v7jq6. GCVE-2017-147357. SECURITY-TRACKER-CVE-2017-14735

References

1. https://github.com/shoucheng3/nahsra__antisamy_CVE-2017-14735_1-5-62. https://github.com/nahsra/antisamy/issues/103. https://www.oracle.com/security-alerts/cpuApr2021.html4. https://www.oracle.com/security-alerts/cpuapr2020.html5. https://www.oracle.com/security-alerts/cpujan2020.html6. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html7. https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html8. http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html9. http://www.securityfocus.com/bid/105656

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.