CVE-2023-43643 in WebLogic Serverthông tin

Tóm tắt

Bởi MITRE • 25/10/2023

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

chịu trách nhiệm

GitHub, Inc.

Đặt trước

20/09/2023

Tiết lộ

25/10/2023

Kiểm duyệt

được chấp nhận

mục

2

Liên hệ

hiển thị

EPSS

0.00473

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you know our Splunk app?

Download it now for free!