Low severity · NVD Advisory · Published Nov 17, 2011 · Updated Jun 16, 2026
CVE-2011-4457
Description
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) | < 88 | 88 |
Affected products
- cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:*:*:*:*:*:*:*:* (range: <=83)
- cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:42:*:*:*:*:*:*:*
- cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:48:*:*:*:*:*:*:*
- cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:50:*:*:*:*:*:*:*
- cpe:2.3:a:owasp-java-html-sanitizer_project:owasp-java-html-sanitizer:74:*:*:*:*:*:*:*
References
- code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457 (nvd, Patch, WEB)
- github.com/advisories/GHSA-pcm9-fp55-563v (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-4457 (ghsa, ADVISORY)
- owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html (nvd, WEB)
- github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/change_log.md (ghsa, WEB)
- github.com/OWASP/java-html-sanitizer/blob/35c506cfd452dba634202f13a7cc2e2a63ad7ee0/docs/cve20114457.md (ghsa, WEB)
- github.com/OWASP/java-html-sanitizer/commit/2027d3df73f62eb30b7f08269f346989f03144bd (ghsa, WEB)