OWASP AntiSamy up to 1.5.7 HTML5 Entities javascript: URL cross site scripting


A vulnerability classified as problematic has been found in OWASP AntiSamy up to 1.5.7. It affects an unknown functionality of the component HTML5 Entities Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10820004 | 01/14/2021 | VulD... | cvss2_nvd_basescore | 4.3 | nist.gov | 01/14/2021 | accepted | 90 |
| 10820003 | 01/14/2021 | VulD... | person_name | Raj Veerappan | securityfocus.com | 01/14/2021 | accepted | 70 |
| 7138756 | 11/19/2019 | VulD... | securityfocus_class | Input Validation Error | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7138755 | 11/19/2019 | VulD... | securityfocus_date | 1506297600 (09/25/2017) | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7138754 | 11/19/2019 | VulD... | securityfocus | 105656 | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7138748 | 11/19/2019 | VulD... | confirm_url | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | oracle.com | 11/19/2019 | accepted | 100 |
| 7138708 | 11/19/2019 | VulD... | discoverydate | 1499299200 | | 11/19/2019 | accepted | 100 |
| 7138766 | 09/26/2017 | VulD... | cvss3_nvd_basescore | 6.1 | nist.gov | 09/26/2017 | accepted | 90 |
| 7138765 | 09/26/2017 | VulD... | 0day_days | 81 | | 09/26/2017 | accepted | 90 |
| 7138764 | 09/26/2017 | VulD... | cvss3_vuldb_rc | U | | 09/26/2017 | accepted | 90 |
| 7138763 | 09/26/2017 | VulD... | cvss3_vuldb_rl | X | | 09/26/2017 | accepted | 90 |
| 7138762 | 09/26/2017 | VulD... | cvss3_vuldb_e | X | | 09/26/2017 | accepted | 90 |
| 7138761 | 09/26/2017 | VulD... | cvss2_vuldb_rc | UC | | 09/26/2017 | accepted | 90 |
| 7138760 | 09/26/2017 | VulD... | cvss2_vuldb_rl | ND | | 09/26/2017 | accepted | 90 |
| 7138759 | 09/26/2017 | VulD... | cvss2_vuldb_e | ND | | 09/26/2017 | accepted | 90 |
| 7138758 | 09/26/2017 | VulD... | seealso | 90449 91385 91680 91681 91682 91683 93098 93251 93252 93253 93254 93255 93256 93257 93258 93259 93260 94364 94366 94365 94367 94368 94370 94369 94371 94372 94374 94373 94375 94376 | | 09/26/2017 | accepted | 100 |
| 7138757 | 09/26/2017 | VulD... | securityfocus_title | OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability | securityfocus.com | 09/26/2017 | accepted | 100 |
| 7138753 | 09/26/2017 | VulD... | cve_nvd_summary | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | mitre.org | 09/26/2017 | accepted | 100 |
| 7138752 | 09/26/2017 | VulD... | cve_nvd_published | 1506297600 | mitre.org | 09/26/2017 | accepted | 100 |
| 7138751 | 09/26/2017 | VulD... | cve_assigned | 1506297600 | mitre.org | 09/26/2017 | accepted | 100 |
