It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser ...