Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wY205LWZwNTUtNTYzds4AAf23
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
Permalink: https://github.com/advisories/GHSA-pcm9-fp55-563v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wY205LWZwNTUtNTYzds4AAf23
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
Identifiers: GHSA-pcm9-fp55-563v, CVE-2011-4457
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4457
- http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457
- http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html
- https://github.com/OWASP/java-html-sanitizer/commit/2027d3df73f62eb30b7f08269f346989f03144bd
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/change_log.md?plain=1#L103
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/docs/cve20114457.md
- https://github.com/advisories/GHSA-pcm9-fp55-563v
Blast Radius: 0.0
Affected Packages
maven:com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Dependent packages: 76
Dependent repositories: 1,155
Downloads:
Affected Version Ranges: < 88
Fixed in: 88
All affected versions:
All unaffected versions: