XSS Vulnerability in OWASP AntiSamy HTML Output Serializer
CVE-2021-35043 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
Learn more about our Web Application Penetration Testing UK.