CVE-2016-10006 Vulnerability in maven package org.owasp.antisamy:antisamy

Description

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Remediation

References

https://github.com/nahsra/antisamy/issues/2

http://www.securityfocus.com/bid/95101

http://www.securitytracker.com/id/1037532

Related Vulnerabilities

CVE-2022-39381 Vulnerability in npm package hummus

CVE-2023-45138 Vulnerability in maven package org.xwiki.contrib.changerequest:application-changerequest-ui

CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j

CVE-2021-4264 Vulnerability in npm package dustjs-linkedin

CVE-2023-34238 Vulnerability in npm package gatsby-cli

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N