Antisamy_project Antisamy
8 CVEs affecting Antisamy_project Antisamy. Latest disclosed: 2024-02-02. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-28366 | High | 7.5 | 2022-04-21 | Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In par… |
CVE-2024-23635 | Medium | 6.1 | 2024-02-02 | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XS… |
CVE-2023-43643 | Medium | 6.1 | 2023-10-09 | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mut… |
CVE-2022-29577 | Medium | 6.1 | 2022-04-21 | OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed… |
CVE-2022-28367 | Medium | 6.1 | 2022-04-21 | OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed… |
CVE-2021-35043 | Medium | 6.1 | 2021-07-19 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript… |
CVE-2017-14735 | Medium | 6.1 | 2017-09-25 | OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. |
CVE-2016-10006 | Medium | 6.1 | 2016-12-24 | In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protectio… |