U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:antisamy_project:antisamy:1.4.4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

Published: July 19, 2021; 11:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Published: September 25, 2017; 5:29:01 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Published: December 24, 2016; 1:59:00 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM