The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML
and CSS without exposing the site to XSS vulnerabilities.
Path to vulnerable library: /target/easybuggy-1-SNAPSHOT/WEB-INF/lib/antisamy-1.5.3.jar,/home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.5.3/antisamy-1.5.3.jar
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVE-2016-10006 - Medium Severity Vulnerability
The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.
Library home page: http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
Path to dependency file: /pom.xml
Path to vulnerable library: /target/easybuggy-1-SNAPSHOT/WEB-INF/lib/antisamy-1.5.3.jar,/home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.5.3/antisamy-1.5.3.jar
Dependency Hierarchy: - :x: **antisamy-1.5.3.jar** (Vulnerable Library)
Found in HEAD commit: de9bd69f8fa02004a04b8a5c56b6f39edca97ea4
Found in base branch: main
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Publish Date: 2016-12-24
URL: CVE-2016-10006
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10006
Release Date: 2016-12-24
Fix Resolution: 1.5.5
:rescue_worker_helmet: Automatic Remediation is available for this issue