CVE-2021-35043 vulnerability in Antisamyproject and Other Products
Published on July 19, 2021

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

NVD

Products Associated with CVE-2021-35043

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-35043 are published in these products:

Antisamyproject Antisamy

Oracle Retail Back Office

Oracle Retail Central Office

Oracle Retail Returns Management

Oracle Banking Enterprise Default Managment

Oracle Banking Party Management

Oracle Banking Platform

NetApp Active Iq Unified Manager

Oracle Insurance Policy Administration

Oracle Banking Enterprise Default Management

Oracle Middleware Common Libraries Tools

Exploit Probability

EPSS

0.36%

Percentile

57.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-35043 vulnerability in Antisamyproject and Other ProductsPublished on July 19, 2021

Products Associated with CVE-2021-35043

Exploit Probability

CVE-2021-35043 vulnerability in Antisamyproject and Other Products
Published on July 19, 2021