CVE-2017-14735

Published September 25th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

1

PROJECT

Description

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

nahsra/antisamy

a library for performing fast, configurable cleansing of HTML coming from untrusted sources

GitHub

204