CVE-2017-14735 — Cross-site Scripting in Project Antisamy

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.7% (top 28.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 25
Latest update: Jul 15

Description

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

Vulnerability Details (4)

OSV: OWASP AntiSamy Cross-site Scripting vulnerability (2018-10-18)
GHSA: OWASP AntiSamy Cross-site Scripting vulnerability (2018-10-18)
OSV: CVE-2017-14735: OWASP AntiSamy before 1 (2017-09-25)
CVEList: CVE-2017-14735: OWASP AntiSamy before 1 (2017-09-25)

Vendor Advisories (5)

Oracle: Oracle Enterprise Manager Risk Matrix: UI Framework (AntiSamy) — CVE-2017-14735 (2021-07-15)
Oracle: Oracle E-Business Suite Risk Matrix: Attachments, iRecruitment, Contracts (AntiSamy) — CVE-2017-14735 (2021-04-15)
Oracle: Oracle Knowledge Risk Matrix: Web Applications - InfoCenter (AntiSamy) — CVE-2017-14735 (2020-04-15)
Oracle: Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (AntiSamy) — CVE-2017-14735 (2020-01-15)
Debian: CVE-2017-14735: libowasp-antisamy-java - OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by us... (2017)
CVE-2017-14735 — Cross-site Scripting | cvebase