Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mXSS in AntiSamy
Vulnerability Description
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
OWASP AntiSamy 跨站脚本漏洞
Vulnerability Description
OWASP AntiSamy是美国OWASP基金会的一个用于HTML和CSS编码的库。 OWASP AntiSamy 1.7.4 之前版本存在跨站脚本漏洞,该漏洞源于对被清理的 HTML 解析错误,某些输入可能会导致注释标记中的元素被解释为可执行文件。
CVSS Information
N/A
Vulnerability Type
N/A