CVE-2021-42575

CRITICAL

OWASP Java HTML Sanitizer <20211018.1 - XSS

Title source: llm
STIX 2.1

Description

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

References (3)

Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 9.8
EPSS 0.0072
EPSS Percentile 72.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (9)
com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer 0 - 20211018.1Maven
oracle/middleware_common_libraries_and_tools 12.2.1.3.0
oracle/middleware_common_libraries_and_tools 12.2.1.4.0
oracle/primavera_unifier 18.8
oracle/primavera_unifier 19.12
oracle/primavera_unifier 20.12
oracle/primavera_unifier 21.12
oracle/primavera_unifier 17.7 - 17.12
owasp/java_html_sanitizer < 20211018.2
Published Oct 18, 2021
Tracked Since Feb 18, 2026