OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of the `&colon;` HTML5 named entity to construct a javascript: URL.
[
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2017-14735-89145a1f",
"target": {
"file": "src/main/java/org/owasp/validator/html/Policy.java",
"function": "getAllowedRegexp3"
},
"digest": {
"length": 684.0,
"function_hash": "38296343665256146800925089512624014727"
},
"signature_version": "v1",
"source": "https://github.com/nahsra/antisamy/commit/e76f02a77afb4e43b897f13d17b5bc1260b8afde"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2017-14735-8d573449",
"target": {
"file": "src/main/java/org/owasp/validator/html/Policy.java",
"function": "getAllowedRegexps2"
},
"digest": {
"length": 759.0,
"function_hash": "76597168863106377542647729149058117795"
},
"signature_version": "v1",
"source": "https://github.com/nahsra/antisamy/commit/e76f02a77afb4e43b897f13d17b5bc1260b8afde"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2017-14735-8e1b45c1",
"target": {
"file": "src/main/java/org/owasp/validator/html/Policy.java",
"function": "getAllowedRegexps"
},
"digest": {
"length": 468.0,
"function_hash": "167713688936496554436135219004778559751"
},
"signature_version": "v1",
"source": "https://github.com/nahsra/antisamy/commit/e76f02a77afb4e43b897f13d17b5bc1260b8afde"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2017-14735-ce6619a3",
"target": {
"file": "src/test/java/org/owasp/validator/html/test/AntiSamyTest.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"242531706664678322907281439899221657676",
"322691654413139166161554642784435458311",
"228770665606969391725818882221754407565"
]
},
"signature_version": "v1",
"source": "https://github.com/nahsra/antisamy/commit/e76f02a77afb4e43b897f13d17b5bc1260b8afde"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2017-14735-e9081517",
"target": {
"file": "src/main/java/org/owasp/validator/html/Policy.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"271525121681651893513839874238978229753",
"18675375935326488206589624885872683268",
"102603548094287090460624544441835130286",
"41577185623837350039340829383570385626",
"310904760357819484382505909129259233694",
"51346120417515236278405513067204420577",
"17406302407210611452030258004537583234",
"56778795395865919091385706337229722504",
"316638454160605210019617571828174260255",
"107525156843728149306753171115678345524",
"14338240203206133259523620347968423897",
"283506607799821166973776225566955992840",
"46414615038259352784909742382973281284",
"6367814173963641991548439279134737768",
"328413022229623117742666725410465050829",
"177210424874647179974513469347005037185",
"227499033979104965914267531684915421522",
"317753652799255677328116778938022739424",
"91966842981012729468032373849709212680",
"274401988018137917952926441252139022300",
"245751105935388936167307621259283780701",
"87310882647633789524284397786924814989",
"15110741443156493075848407544006614224"
]
},
"signature_version": "v1",
"source": "https://github.com/nahsra/antisamy/commit/e76f02a77afb4e43b897f13d17b5bc1260b8afde"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14735.json"