CVE-2016-10006
Published 2016-12-24
Priority P428 · medium · CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 2.04% (78.7th percentile)
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| antisamy_project | antisamy | < 1.5.5 | 1.5.5 |
| debian | libowasp-antisamy-java | < libowasp-antisamy-java 1.7.4-1 (forky) | libowasp-antisamy-java 1.7.4-1 (forky) |
CVSS provenance
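| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |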
Debian
CVE-2016-10006: libowasp-antisamy-java - In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag t...
vendor_debian·2016·CVSS 6.1
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.7.4-1)
sid: resolved (fixed in 1.7.4-1)
trixie: resolved (fixed in 1.7.4-1)
GHSA
OWASP AntiSamy vulnerable to Cross-site Scripting
ghsa·2018-10-18
CVE-2016-10006 [MEDIUM] CWE-79 OWASP AntiSamy vulnerable to Cross-site Scripting
OSV
OWASP AntiSamy vulnerable to Cross-site Scripting
osv·2018-10-18
CVE-2016-10006 [MEDIUM] OWASP AntiSamy vulnerable to Cross-site Scripting
OSV
CVE-2016-10006: In OWASP AntiSamy before 1
osv·2016-12-24·CVSS 6.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2016-12-24