Esapi Esapi-Java-Legacy vulnerabilities

CVE-2025-5878 [MEDIUM] CWE-20 CVE-2025-5878: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affec A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been disclosed to the public. The project was contacted early a

CVE-2022-24891 [MEDIUM] CWE-79 CVE-2022-24891: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control l ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail