CVE-2017-14735
Published 2017-09-25
CVE-2017-14735: OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
Priority: P425, medium; 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.66% (73.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| antisamy_project | antisamy | < 1.5.7 | 1.5.7 |
| debian | libowasp-antisamy-java | < libowasp-antisamy-java 1.7.4-1 (forky) | libowasp-antisamy-java 1.7.4-1 (forky) |
CVSS provenance
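| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_oracle | | 6.1 | MEDIUM | |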
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: UI Framework (AntiSamy) — CVE-2017-14735
vendor_oracle·2021-07-15·CVSS 6.1
CVE: CVE-2017-14735
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2021 (JUL 2021)
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Attachments, iRecruitment, Contracts (AntiSamy) — CVE-2017-14735
vendor_oracle·2021-04-15·CVSS 6.1
CVE: CVE-2017-14735
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2021 (APR 2021)
Oracle
Oracle Oracle Knowledge Risk Matrix: Web Applications - InfoCenter (AntiSamy) — CVE-2017-14735
vendor_oracle·2020-04-15·CVSS 6.1
CVE: CVE-2017-14735
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (AntiSamy) — CVE-2017-14735
vendor_oracle·2020-01-15·CVSS 6.1
CVE: CVE-2017-14735
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2020 (JAN 2020)
Debian
CVE-2017-14735: libowasp-antisamy-java - OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by us...
vendor_debian·2017·CVSS 6.1
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.7.4-1)
sid: resolved (fixed in 1.7.4-1)
trixie: resolved (fixed in 1.7.4-1)
OSV
OWASP AntiSamy Cross-site Scripting vulnerability
osv·2018-10-18
GHSA
OWASP AntiSamy Cross-site Scripting vulnerability
ghsa·2018-10-18
CVE-2017-14735 [MEDIUM] CWE-79 OWASP AntiSamy Cross-site Scripting vulnerability
OSV
CVE-2017-14735: OWASP AntiSamy before 1
osv·2017-09-25·CVSS 6.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/105656
https://github.com/nahsra/antisamy/issues/10
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html