CVE-2016-10006

MEDIUM 6.1 | EPSS 0.54%

OWASP AntiSamy vulnerable to Cross-site Scripting

Published: 10/18/2018
Modified: 4/14/2025
Also known as: GHSA-683w-6h9j-57wq, DEBIAN-CVE-2016-10006

Description

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.

Affected packages (2)

CVSS scores

Source   Version    Severity     Vector
osv      CVSS 3.1   MEDIUM 6.1   CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (6)