AntiSamy Project AntiSamy 1.7.4

CPE Details

AntiSamy Project AntiSamy 1.7.4
1.7.4
2023-11-03
17h11 +00:00
2023-11-03
17h11 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:antisamy_project:antisamy:1.7.4:*:*:*:*:*:*:*

Informations

Vendor

antisamy_project

Product

antisamy

Version

1.7.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23635 2024-02-02 16h32 +00:00 AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.
6.1
Medium