CVE-2020-13973

MEDIUM

OWASP json-sanitizer < 1.2.1 - Cross-Site Scripting via SCRIPT Element Confusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-13973. PoCs published by shoucheng3, epicosy.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2020-13973, which involves a vulnerability in the OWASP JSON Sanitizer. The exploit demonstrates how the sanitizer can be bypassed to execute arbitrary JavaScript code, leading to potential XSS attacks.

Description

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.

Exploits (2)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/OWASP__json-sanitizer_CVE-2020-13973_1-2-0

This repository contains a proof-of-concept for CVE-2020-13973, which involves a vulnerability in the OWASP JSON Sanitizer. The exploit demonstrates how the sanitizer can be bypassed to execute arbitrary JavaScript code, leading to potential XSS attacks.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: OWASP JSON Sanitizer version 1.2.0
No auth needed
Prerequisites: Access to a web application using the vulnerable OWASP JSON Sanitizer
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by epicosy · poc
https://github.com/epicosy/json-sanitizer

This repository contains documentation and release scripts for the OWASP JSON Sanitizer library, which converts JSON-like content to valid JSON. It does not include exploit code but provides context on the library's purpose and security considerations.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: OWASP JSON Sanitizer (version not specified)
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/OWASP/json-sanitizer/pull/20

Scores

CVSS v3 6.1
EPSS 0.0112
EPSS Percentile 61.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
com.mikesamuel/json-sanitizer 0 - 1.2.1Maven
owasp/json-sanitizer < 1.2.1
Published Jun 09, 2020
Tracked Since Feb 18, 2026