CVE-2021-35043
CVSS v3.1
6.1 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.09 % (41th)
Affected Products
11
Advisories
1
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2021-07-19 15:15:07
(3 years ago) - Updated Date
-
2022-10-29 02:49:41
(23 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...