CVE-2023-43643

CVSS V2 None CVSS V3 None
Description
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.
Overview
  • CVE ID
  • CVE-2023-43643
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-09T13:31:46.324Z
  • Last Modified Date
  • 2023-10-09T13:31:46.324Z
History
Created Old Value New Value Data Type Notes
2024-06-25 16:07:49 Added to TrackCVE