antisamy project

Top products

The 8 most recently published vulnerabilities affecting antisamy project.

• CVE-2024-23635AntiSamy malicious input can provoke XSS when preserving comments6.1Feb 2, 2024
• CVE-2023-43643mXSS in AntiSamy6.1Oct 9, 2023
• CVE-2022-29577OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. ...6.1Apr 21, 2022
• CVE-2022-28367OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.6.1Apr 21, 2022
• CVE-2022-28366Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit...7.5Apr 21, 2022
• CVE-2021-35043OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement ...6.1Jul 19, 2021
• CVE-2017-14735OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.6.1Sep 25, 2017
• CVE-2016-10006In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The imp...6.1Dec 24, 2016