Vulnerabilities > Antisamy Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2024-23635 | Cross-site Scripting vulnerability in Antisamy Project Antisamy AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. | 6.1 |
| 2023-10-09 | CVE-2023-43643 | Cross-site Scripting vulnerability in Antisamy Project Antisamy AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. | 6.1 |
| 2022-04-21 | CVE-2022-28366 | Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. | 7.5 |
| 2022-04-21 | CVE-2022-28367 | Cross-site Scripting vulnerability in Antisamy Project Antisamy OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. | 4.3 |
| 2022-04-21 | CVE-2022-29577 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. | 6.1 |
| 2021-07-19 | CVE-2021-35043 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). | 6.1 |
| 2017-09-25 | CVE-2017-14735 | Cross-site Scripting vulnerability in Antisamy Project Antisamy OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | 4.3 |
| 2016-12-24 | CVE-2016-10006 | Cross-site Scripting vulnerability in Antisamy Project Antisamy In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. | 4.3 |