Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
antisamy project antisamy vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-28367
OWASP AntiSamy prior to 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
Antisamy Project Antisamy
6.1
CVSSv3
CVE-2016-10006
In OWASP AntiSamy prior to 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Antisamy Project Antisamy
6.1
CVSSv3
CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vu...
Antisamy Project Antisamy
6.1
CVSSv3
CVE-2017-14735
OWASP AntiSamy prior to 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
Antisamy Project Antisamy
6.1
CVSSv3
CVE-2024-23635
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. before 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
Antisamy Project Antisamy
7.5
CVSSv3
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko up to and including 2.26, and is fixed in 2.27. This issue also exists in Cyb...
Cyberneko Html Project Cyberneko Html
Htmlunit Htmlunit
Antisamy Project Antisamy
1 Github repository
6.1
CVSSv3
CVE-2022-29577
OWASP AntiSamy prior to 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
Antisamy Project Antisamy
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
6.1
CVSSv3
CVE-2021-35043
OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Antisamy Project Antisamy
Oracle Retail Back Office 14.0
Oracle Retail Back Office 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Banking Enterprise Default Management 2.6.2
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Enterprise Default Management 2.12.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-13837
openanolis
shopwarden
mobatek
CVE-2024-13582
CVE-2025-25223
CVE-2025-24200
client side
CVE-2024-40591
CVE-2024-13627
type confusion
CSRF
softdiscover
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started