Antisamy Project Antisamy — known CVE vulnerabilities
Every CVE whose affected-product data names Antisamy Project Antisamy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-28366 — CVSS 7.5 (high): Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory…
CVE-2017-14735 — CVSS 6.1 (medium): OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
CVE-2021-35043 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was…
CVE-2022-28367 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly…
CVE-2022-29577 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly…
CVE-2023-43643 — CVSS 6.1 (medium): AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a…
CVE-2016-10006 — CVSS 6.1 (medium): In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass…
CVE-2024-23635 — CVSS 6.1 (medium): AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a…