XSS in Antisamy_project Antisamy
CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with the HTML entity &colon; used as the replacement for the : character.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.015 (71.2nd percentile).
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Antisamy_project Antisamy
- Netapp Active_iq_unified_manager
- Oracle Banking_enterprise_default_management — versions 2.6.2, 2.7.0, 2.7.1
- Oracle Banking_enterprise_default_managment
- Oracle Banking_party_management — version 2.7.0
- Oracle Banking_platform — versions 2.6.2, 2.7.0, 2.7.1
- Oracle Insurance_policy_administration — versions 11.0.2, 11.1.0, 11.2.8
- Oracle Middleware_common_libraries_and_tools — versions 12.2.1.3.0, 12.2.1.4.0
- Oracle Retail_back_office — versions 14.0, 14.1
- Oracle Retail_central_office — versions 14.0, 14.1
Frequently asked questions
- What is CVE-2021-35043?
- CVE-2021-35043 is a medium-severity vulnerability in Antisamy_project Antisamy, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-07-19.
- How severe is CVE-2021-35043?
- Medium severity. CVSS v3 base score is 6.1 out of 10.