Org.owasp.antisamy:antisamy
This hub aggregates every CVE we track for Org.owasp.antisamy:antisamy, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 0
- High: 0
- In CISA KEV: 0
Severity distribution
- MEDIUM: 7
Monthly trend
[Chart: CVEs per month, 2024-07 to 2026-06; all 24 monthly values shown are 0]
Latest CVEs
The 7 most recently published vulnerabilities affecting Org.owasp.antisamy:antisamy.
- CVE-2024-23635: AntiSamy malicious input can provoke XSS when preserving comments (score: 6.1)
- CVE-2023-43643: mXSS in AntiSamy (score: 6.1)
- CVE-2022-29577: OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. ... (score: 6.1)
- CVE-2022-28367: OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. (score: 6.1)
- CVE-2021-35043: OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement ... (score: 6.1)
- CVE-2017-14735: OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL. (score: 6.1)
- CVE-2016-10006: In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The imp... (score: 6.1)
Product normalization is registry-driven with AI assist and human review.