Medium severity6.1NVD Advisory· Published Sep 25, 2017· Updated May 13, 2026
CVE-2017-14735
CVE-2017-14735
Description
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.owasp.antisamy:antisamyMaven | < 1.5.7 | 1.5.7 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- github.com/advisories/GHSA-q44v-xc3g-v7jqghsaADVISORY
- github.com/nahsra/antisamy/issues/10nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-14735ghsaADVISORY
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvdWEB
- www.securityfocus.com/bid/105656nvdWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlnvdWEB
- www.oracle.com/security-alerts/cpujan2020.htmlnvdWEB
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvdWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdWEB
- www.oracle.com//security-alerts/cpujul2021.htmlnvd
News mentions
0No linked articles in our index yet.