CVE-2011-4457

EPSS 0.22%

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled

發布日:2022/5/17修改日:2024/12/2

描述

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

受影響套件(1)

Maven/com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizerfrom 0, < 88

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4457
PATCHhttps://github.com/OWASP/java-html-sanitizer
WEBhttp://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457
WEBhttp://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html
WEBhttps://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/change_log.md?plain=1#L103
WEBhttps://github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/docs/cve20114457.md
WEBhttps://github.com/OWASP/java-html-sanitizer/commit/2027d3df73f62eb30b7f08269f346989f03144bd