CVE-2017-14735

MEDIUM

OWASP AntiSamy <1.5.7 - XSS

Title source: llm

Description

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/nahsra__antisamy_CVE-2017-14735_1-5-6

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[Issue Tracking, Third Party Advisory] https://github.com/nahsra/antisamy/issues/10

[Vendor Advisory] https://www.oracle.com//security-alerts/cpujul2021.html

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105656

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2020.html

[Vendor Advisory] https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

[Vendor Advisory] https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Scores

CVSS v3 6.1

EPSS 0.0068

EPSS Percentile 71.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

antisamy_project/antisamy < 1.5.7

org.owasp.antisamy/antisamy 0 - 1.5.7Maven

Published Sep 25, 2017

Tracked Since Feb 18, 2026