mend-bolt-for-githubbot changed the title from "CVE-2016-10006 Medium Severity Vulnerability detected by WhiteSource" to "CVE-2016-10006 Medium Severity Vulnerability detected by WhiteSource - autoclosed" on Feb 20, 2021
CVE-2016-10006 - Medium Severity Vulnerability
Vulnerable Library - antisamy-1.4.3.jar
The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.
path: /root/.m2/repository/org/owasp/antisamy/antisamy/1.4.3/antisamy-1.4.3.jar
Library home page: http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project/antisamy
Dependency Hierarchy:
Vulnerability Details
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Publish Date: 2016-12-24
URL: CVE-2016-10006
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1037532
Fix Resolution: The vendor has issued a fix (1.5.5).
The vendor advisory is available at:
nahsra/antisamy#2