org.owasp.antisamy:antisamy (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.owasp.antisamy:antisamy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2016-10006 — CVSS 6.1 (medium): In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass…
CVE-2017-14735 — CVSS 6.1 (medium): OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
CVE-2021-35043 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was…
CVE-2022-28367 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly…
CVE-2022-29577 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly…
CVE-2023-43643 — CVSS 6.1 (medium): AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a…
CVE-2024-23635 — CVSS 6.1 (medium): AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a…