XSS Vulnerability in OWASP AntiSamy HTML Output Serializer

XSS Vulnerability in OWASP AntiSamy HTML Output Serializer

CVE-2021-35043 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

Learn more about our Web Application Penetration Testing UK.