CVE-2021-35043

CVSS v3.1: 6.1 (Medium)
CVSS v2.0: 4.3 (Medium)
EPSS: 0.09% (41st percentile)
Affected Products: 11
Advisories: 1

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-07-19 15:15:07
Updated Date
2022-10-29 02:49:41

Affected Products


Configuration #1

  Product                      Versions    CPE 2.3
  Antisamy Project Antisamy    < 1.6.4     cpe:2.3:a:antisamy_project:antisamy

Configuration #2

  Product                             Versions    CPE 2.3
  Oracle Retail Back Office           14.0        cpe:2.3:a:oracle:retail_back_office:14.0
  Oracle Retail Back Office           14.1        cpe:2.3:a:oracle:retail_back_office:14.1
  Oracle Retail Central Office        14.0        cpe:2.3:a:oracle:retail_central_office:14.0
  Oracle Retail Central Office        14.1        cpe:2.3:a:oracle:retail_central_office:14.1
  Oracle Retail Returns Management    14.0        cpe:2.3:a:oracle:retail_returns_management:14.0
  Oracle Retail Returns Management    14.1        cpe:2.3:a:oracle:retail_returns_management:14.1

Configuration #3

  Product                                          Versions              CPE 2.3
  Oracle Banking Enterprise Default Management     2.6.2                 cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2
  Oracle Banking Enterprise Default Management     2.7.0                 cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0
  Oracle Banking Enterprise Default Management     2.7.1                 cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1
  Oracle Banking Enterprise Default Management     2.10.0                cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0
  Oracle Banking Enterprise Default Management     2.12.0                cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0
  Oracle Banking Enterprise Default Management     >= 2.3.0, <= 2.4.0    cpe:2.3:a:oracle:banking_enterprise_default_managment
  Oracle Banking Party Management                  2.7.0                 cpe:2.3:a:oracle:banking_party_management:2.7.0
  Oracle Banking Platform                          >= 2.3.0, <= 2.4.1    cpe:2.3:a:oracle:banking_platform
  Oracle Banking Platform                          2.6.2                 cpe:2.3:a:oracle:banking_platform:2.6.2
  Oracle Banking Platform                          2.7.0                 cpe:2.3:a:oracle:banking_platform:2.7.0
  Oracle Banking Platform                          2.7.1                 cpe:2.3:a:oracle:banking_platform:2.7.1
  Oracle Insurance Policy Administration           11.0.2                cpe:2.3:a:oracle:insurance_policy_administration:11.0.2
  Oracle Insurance Policy Administration           11.1.0                cpe:2.3:a:oracle:insurance_policy_administration:11.1.0
  Oracle Insurance Policy Administration           11.2.8                cpe:2.3:a:oracle:insurance_policy_administration:11.2.8
  Oracle Insurance Policy Administration           11.3.0                cpe:2.3:a:oracle:insurance_policy_administration:11.3.0
  Oracle Insurance Policy Administration           11.3.1                cpe:2.3:a:oracle:insurance_policy_administration:11.3.1
  Oracle Middleware Common Libraries And Tools     12.2.1.3.0            cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0
  Oracle Middleware Common Libraries And Tools     12.2.1.4.0            cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0

Configuration #4

  Product                                                  Versions    CPE 2.3
  NetApp Active IQ Unified Manager for Linux               any         cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux
  NetApp Active IQ Unified Manager for VMware vSphere      any         cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  NetApp Active IQ Unified Manager for Windows             any         cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows