Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

antisamy project antisamy vulnerabilities and exploits

(subscribe to this query)
0.000
EPSS

CVE-2023-43643

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vu...
Antisamy Project Antisamy
0.000
EPSS

CVE-2016-10006

In OWASP AntiSamy prior to 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Antisamy Project Antisamy
0.000
EPSS

CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. before 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
Antisamy Project Antisamy
0.000
EPSS

CVE-2022-28367

OWASP AntiSamy prior to 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
Antisamy Project Antisamy
0.003
EPSS

CVE-2017-14735

OWASP AntiSamy prior to 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
Antisamy Project Antisamy
0.001
EPSS

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko up to and including 2.26, and is fixed in 2.27. This issue also exists in Cyb...
Cyberneko Html Project Cyberneko HtmlHtmlunit HtmlunitAntisamy Project Antisamy
0.001
EPSS

CVE-2022-29577

OWASP AntiSamy prior to 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
Antisamy Project AntisamyOracle Enterprise Manager Base Platform 13.4.0.0Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0
0.000
EPSS

CVE-2021-35043

OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.
Antisamy Project AntisamyOracle Retail Back Office 14.0Oracle Retail Back Office 14.1Oracle Retail Central Office 14.0Oracle Retail Central Office 14.1Oracle Retail Returns Management 14.0Oracle Retail Returns Management 14.1Oracle Banking Enterprise Default Management 2.6.2Oracle Banking Enterprise Default Management 2.7.0Oracle Banking Enterprise Default Management 2.7.1Oracle Banking Enterprise Default Management 2.10.0Oracle Banking Enterprise Default Management 2.12.0
Preferred Score:
EPSS
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
command injectionCVE-2025-1653remote code executionCVE-2023-52927qiskit sdkcivi - job board & freelance marketplace wordpress themeCVE-2025-29029tianocoreCVE-2025-24201CVE-2025-27363CVE-2024-13497analyticswpunspecified
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook