- CVE ID
- CVE-2017-14735
- CVE Description
- OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of `&colon;` to construct a javascript: URL.
- Published
- Nov 6, 2017
- CVSS Score & Severity
- 6.1 Medium
- CVSS Vector
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- EPSS Score
- 0.684%
- KEV Status
- Not in KEV Catalog: No known exploits
- Vulnerable Methods
- org/owasp/validator/html/Policy.getAllowedRegexp3(Ljava/util/Map;Lorg/w3c/dom/Element;Ljava/lang/String;)Ljava/util/List; | JVM | Vulnerable params: 0
- org/owasp/validator/html/Policy.getAllowedRegexps(Ljava/util/Map;Lorg/w3c/dom/Element;)Ljava/util/List; | JVM | Vulnerable params: 0
- org/owasp/validator/html/Policy.getAllowedRegexps2(Ljava/util/Map;Lorg/w3c/dom/Element;Ljava/lang/String;)Ljava/util/List; | JVM | Vulnerable params: 0
- org/owasp/validator/html/Policy.parseCSSRules(Lorg/w3c/dom/Element;)Ljava/util/HashMap; | JVM | Vulnerable params: 0
- org/owasp/validator/html/Policy.parseCommonAttributes(Lorg/w3c/dom/Element;)Ljava/util/HashMap; | JVM | Vulnerable params: 0
- org/owasp/validator/html/Policy.parseTagRules(Lorg/w3c/dom/Element;)Ljava/util/HashMap; | JVM | Vulnerable params: 0
- Source
- National Vulnerability Database