Medium severity 6.1 · NVD Advisory · Published Dec 24, 2016 · Updated May 6, 2026
CVE-2016-10006
Description
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.owasp.antisamy:antisamy (Maven) | < 1.5.5 | 1.5.5 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (7)
- github.com/nahsra/antisamy/issues/2 (nvd; Patch, Vendor Advisory, WEB)
- www.securityfocus.com/bid/95101 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1037532 (nvd; Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-683w-6h9j-57wq (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-10006 (ghsa; ADVISORY)
- web.archive.org/web/20170214025813/http://www.securityfocus.com/bid/95101 (ghsa; WEB)
- web.archive.org/web/20201207192053/http://www.securitytracker.com/id/1037532 (ghsa; WEB)