CVE-2024-23635

CVSS V2 None CVSS V3 None
Description
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.
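The description gives two conditions for exposure: an AntiSamy version before 1.7.5 and a policy file with the `preserveComments` directive enabled. The check below is an added example, not code from the advisory or the AntiSamy project. It assumes the directive appears in the policy XML as a `<directive name="preserveComments" value="true"/>` element, and the sample policies and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FIXED_VERSION = (1, 7, 5)  # first patched release named in the description


def parse_version(text):
    """Turn '1.7.4' into (1, 7, 4); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def preserve_comments_enabled(policy_xml):
    """True if any preserveComments directive in the policy is set to true.

    The policy file is trusted local configuration; do not feed this
    parser XML that comes from users.
    """
    root = ET.fromstring(policy_xml)
    return any(
        d.get("name") == "preserveComments"
        and (d.get("value") or "").strip().lower() == "true"
        for d in root.iter("directive")
    )


def exposed(antisamy_version, policy_xml):
    """Both conditions from the description must hold for the mXSS to apply."""
    return (parse_version(antisamy_version) < FIXED_VERSION
            and preserve_comments_enabled(policy_xml))


# Constructed sample policies (trimmed to the directives section).
POLICY_ON = """<anti-samy-rules><directives>
  <directive name="preserveComments" value="true"/>
</directives></anti-samy-rules>"""

POLICY_OFF = """<anti-samy-rules><directives>
  <directive name="preserveComments" value="false"/>
</directives></anti-samy-rules>"""

if __name__ == "__main__":
    for version, policy in [("1.7.4", POLICY_ON), ("1.7.4", POLICY_OFF),
                            ("1.7.5", POLICY_ON)]:
        print(version, "exposed" if exposed(version, policy) else "not exposed")
```

A deployment flagged by this check should upgrade to 1.7.5 or later; disabling `preserveComments` removes the precondition in the meantime.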
Overview
  • CVE ID: CVE-2024-23635
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-02-02T16:32:50.470Z
  • Last Modified Date: 2024-06-04T17:46:02.094Z
References
Reference URL Reference Tags
https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq x_refsource_CONFIRM
History
Created Old Value New Value Data Type Notes
2024-06-26 07:27:10 Added to TrackCVE