GHSA-pcm9-fp55-563v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pcm9-fp55-563v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pcm9-fp55-563v/GHSA-pcm9-fp55-563v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pcm9-fp55-563v
- Aliases
-
- CVE-2011-4457
- Published
- 2022-05-17T05:36:48Z
- Modified
- 2024-12-02T05:41:41.690237Z
- Summary
- OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
- Details
-
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
- Database specific
{ "nvd_published_at": "2011-11-17T23:55:00Z", "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-01-19T17:48:40Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-4457
- https://github.com/OWASP/java-html-sanitizer/commit/2027d3df73f62eb30b7f08269f346989f03144bd
- https://github.com/OWASP/java-html-sanitizer
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/change_log.md?plain=1#L103
- https://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/docs/cve20114457.md
- http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457
- http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html
Affected packages
Maven / com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Package
- Name
- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
- View open source insights on deps.dev
- Purl
- pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer