CVE-2011-4457

EPSS 0.22%

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled

Published: 5/17/2022

Modified: 12/2/2024

Description

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

Affected packages (1)

References (7)