OWASP AntiSamy up to 1.5.7 HTML5 Entities javascript: URL cross site scripting


A vulnerability has been found in OWASP AntiSamy up to 1.5.7 and classified as problematic. It affects unknown functionality of the HTML5 Entities Handler component. No information about possible countermeasures is known. It may be advisable to replace the affected component with an alternative product.

| Field | 09/26/2017 09:33 AM | 11/19/2019 03:47 PM | 01/14/2021 12:55 PM |
|---|---|---|---|
| vendor | OWASP | OWASP | OWASP |
| name | AntiSamy | AntiSamy | AntiSamy |
| version | <=1.5.7 | <=1.5.7 | <=1.5.7 |
| component | HTML5 Entities Handler | HTML5 Entities Handler | HTML5 Entities Handler |
| input_type | javascript: URL | javascript: URL | javascript: URL |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.9 | 3.9 | 3.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 5.2 | 5.2 | 5.2 |
| cvss3_meta_tempscore | 4.8 | 4.8 | 4.8 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.0 | 4.0 | 4.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | C | C | C |
| cvss3_nvd_c | L | L | L |
| cvss3_nvd_i | L | L | L |
| cvss3_nvd_a | N | N | N |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| location | GitHub Repository | GitHub Repository | GitHub Repository |
| url | https://github.com/nahsra/antisamy/issues/10 | https://github.com/nahsra/antisamy/issues/10 | https://github.com/nahsra/antisamy/issues/10 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-14735 | CVE-2017-14735 | CVE-2017-14735 |
| cve_assigned | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_published | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_summary | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL. | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL. | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL. |
| securityfocus_title | OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability | OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability | OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability |
| seealso | 90449 91385 91680 91681 91682 91683 93098 93251 93252 93253 93254 93255 93256 93257 93258 93259 93260 94364 94366 94365 94367 94368 94370 94369 94371 94372 94374 94373 94375 94376 | 90449 91385 91680 91681 91682 91683 93098 93251 93252 93253 93254 93255 93256 93257 93258 93259 93260 94364 94366 94365 94367 94368 94370 94369 94371 94372 94374 94373 94375 94376 | 90449 91385 91680 91681 91682 91683 93098 93251 93252 93253 93254 93255 93256 93257 93258 93259 93260 94364 94366 94365 94367 94368 94370 94369 94371 94372 94374 94373 94375 94376 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | UC | UC | UC |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | U | U | U |
| 0day_days | 81 | 81 | 81 |
| cvss3_nvd_basescore | 6.1 | 6.1 | 6.1 |
| discoverydate | | 1499299200 | 1499299200 |
| confirm_url | | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html |
| securityfocus | | 105656 | 105656 |
| securityfocus_date | | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| securityfocus_class | | Input Validation Error | Input Validation Error |
| person_name | | | Raj Veerappan |
| cvss2_nvd_basescore | | | 4.3 |
