AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. before 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
antisamy project antisamy |