CVE-2021-35043

Published: 19/07/2021 Updated: 29/10/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

OWASP AntiSamy prior to 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

Vulnerable Product

antisamy project antisamy

oracle retail back office 14.1

oracle retail back office 14.0

oracle retail returns management 14.0

oracle retail returns management 14.1

oracle retail central office 14.0

oracle retail central office 14.1

oracle banking platform 2.6.2

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle insurance policy administration 11.3.0

oracle insurance policy administration 11.0.2

oracle banking enterprise default management 2.12.0

oracle banking enterprise default management 2.10.0

oracle banking party management 2.7.0

oracle banking platform

oracle banking enterprise default management

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.3.1

oracle banking enterprise default management 2.7.0

oracle banking enterprise default management 2.7.1

oracle banking enterprise default management 2.6.2

oracle insurance policy administration 11.2.8

oracle middleware common libraries and tools 12.2.1.4.0

oracle middleware common libraries and tools 12.2.1.3.0

netapp active iq unified manager -

Vendor Advisories

Debian Bug report logs - #1014981 libowasp-antisamy-java: CVE-2016-10006 CVE-2017-14735 CVE-2021-35043. Package: src:libowasp-antisamy-java; Maintainer for src:libowasp-antisamy-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 ...
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character ...