Vulnerability Details CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/105656
- https://github.com/nahsra/antisamy/issues/10
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/105656
- https://github.com/nahsra/antisamy/issues/10
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Products affected by CVE-2017-14735
-
cpe:2.3:a:antisamy_project:antisamy:-
-
cpe:2.3:a:antisamy_project:antisamy:1.4.1
-
cpe:2.3:a:antisamy_project:antisamy:1.4.2
-
cpe:2.3:a:antisamy_project:antisamy:1.4.3
-
cpe:2.3:a:antisamy_project:antisamy:1.4.4
-
cpe:2.3:a:antisamy_project:antisamy:1.4.5
-
cpe:2.3:a:antisamy_project:antisamy:1.5
-
cpe:2.3:a:antisamy_project:antisamy:1.5.1
-
cpe:2.3:a:antisamy_project:antisamy:1.5.2
-
cpe:2.3:a:antisamy_project:antisamy:1.5.3
-
cpe:2.3:a:antisamy_project:antisamy:1.5.5
-
cpe:2.3:a:antisamy_project:antisamy:1.5.6