mXSS in AntiSamy
Description
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AntiSamy <1.7.4 allows mutation XSS when preserveComments is enabled and certain tags are allowed, enabling comment content to be executed.
Vulnerability
Description
AntiSamy versions prior to 1.7.4 contain a mutation XSS (mXSS) vulnerability due to flawed HTML parsing [1]. The issue arises when the preserveComments directive is enabled in the policy file and certain tags are allowed [2]. Under these conditions, a crafted input can cause content within HTML comments to be interpreted as executable code when the sanitized output is used [3].
Exploitation
To exploit this vulnerability, an attacker must be able to provide HTML input that is processed by AntiSamy with a policy that enables comment preservation and allows tags such as `` [3]. The attacker crafts input that leverages the parsing flaw to mutate the HTML in a way that comment data becomes active markup or script [1].
Impact
Successful exploitation allows the attacker to inject arbitrary JavaScript into the sanitized output, leading to cross-site scripting (XSS) attacks when the output is served to users [2]. This can result in session hijacking, data theft, or other malicious actions [3].
Mitigation
The vulnerability is patched in AntiSamy 1.7.4 [4]. As a workaround, users of earlier versions can disable preserveComments (set it to false) and remove the `` tag from the policy (or set its action to "remove") [3]. However, upgrading to the fixed version is strongly recommended, because the workaround does not address the root cause [3].
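A startup guard for the workaround above, written here as an added example (it is not AntiSamy project code): it loads a policy, refuses one that still has preserveComments set to true, and confirms on a constructed harmless input that no comment survives sanitization. The policy file path and the class name are assumptions; the AntiSamy calls used (Policy.getInstance, Policy.getDirective, AntiSamy.scan, CleanResults.getCleanHTML) are the library's public API.

```java
// Added example, not AntiSamy project code: fail fast on a policy that still
// preserves comments, then verify that comments are dropped from clean output.
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class CommentPolicyGuard {

    // Constructed benign input: one paragraph followed by an HTML comment.
    static final String SAMPLE = "<p>hello</p><!-- note to editors -->";

    /** True when the loaded policy sets the preserveComments directive to "true". */
    static boolean preservesComments(Policy policy) {
        return "true".equalsIgnoreCase(policy.getDirective("preserveComments"));
    }

    /** Sanitize SAMPLE and report whether any comment marker survived. */
    static boolean outputKeepsComments(Policy policy) throws ScanException, PolicyException {
        CleanResults results = new AntiSamy().scan(SAMPLE, policy);
        return results.getCleanHTML().contains("<!--");
    }

    public static void main(String[] args) throws Exception {
        // The policy path is an assumption; pass the application's real policy file.
        String policyPath = args.length > 0 ? args[0] : "antisamy-policy.xml";
        Policy policy = Policy.getInstance(policyPath);

        if (preservesComments(policy)) {
            // On AntiSamy < 1.7.4 this is the advisory's precondition; refuse to start.
            throw new IllegalStateException(
                "Policy enables preserveComments; disable it or upgrade to AntiSamy 1.7.4+");
        }
        if (outputKeepsComments(policy)) {
            throw new IllegalStateException("Sanitized output still contains a comment");
        }
        System.out.println("OK: this policy does not preserve comments");
    }
}
```

The tag the advisory says to remove is not named on this page, so that rule is not checked here; confirm it separately in the policy's tag rules.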
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.owasp.antisamy:antisamy (Maven) | < 1.7.4 | 1.7.4 |
Affected products
- Range: <1.7.4
- nahsra/antisamy (v5), Range: <= 1.7.3
Patches
145c78f1b4de6: Final commit for 1.7.4 release.
2 files changed · +7 −4
pom.xml+4 −4 modified@@ -5,7 +5,7 @@ <groupId>org.owasp.antisamy</groupId> <artifactId>antisamy</artifactId> <packaging>jar</packaging> - <version>1.7.4-SNAPSHOT</version> + <version>1.7.4</version> <distributionManagement> <snapshotRepository> @@ -52,7 +52,7 @@ <fluido.version>2.0.0-M7</fluido.version> <gpg.skip>true</gpg.skip><!-- by default skip gpg --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <project.build.outputTimestamp>2023-04-21T10:00:00Z</project.build.outputTimestamp> + <project.build.outputTimestamp>2023-10-06T21:08:34Z</project.build.outputTimestamp> <project.java.target>1.8</project.java.target> <version.findsecbugs>1.12.0</version.findsecbugs> <version.slf4j>2.0.9</version.slf4j> @@ -73,7 +73,7 @@ <dependency> <groupId>org.htmlunit</groupId> <artifactId>neko-htmlunit</artifactId> - <version>3.5.0</version> + <version>3.6.0</version> </dependency> <dependency> <groupId>org.apache.httpcomponents.client5</groupId> @@ -116,7 +116,7 @@ <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> - <version>2.13.0</version> + <version>2.14.0</version> </dependency> <dependency> <groupId>org.slf4j</groupId>
SECURITY.md+3 −0 modified@@ -33,8 +33,11 @@ These are the known CVEs reported for AntiSamy: * AntiSamy CVE #3 - CVE-2021-35043: XSS via HTML attributes using : as replacement for : character before v1.6.4 - https://www.cvedetails.com/cve/CVE-2021-35043 * AntiSamy CVE #4 - CVE-2022-28367: AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content. https://www.cvedetails.com/cve/CVE-2022-28367. NOTE: This release only included a PARTIAL fix. * AntiSamy CVE #5 - CVE-2022-29577: AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content. - https://www.cvedetails.com/cve/CVE-2022-29577. This is the complete fix to the previous CVE. +* AntiSamy CVE #6 - CVE-2023-43643: AntiSamy before 1.7.4 subject to mXSS when preserving comments. - https://www.cvedetails.com/cve/CVE-2023-43643 CVEs in AntiSamy dependencies: * AntiSamy prior to 1.6.6 used the old CyberNeko HTML library v1.9.22, which is subject to https://www.cvedetails.com/cve/CVE-2022-28366 and no longer maintained. AntiSamy 1.6.6 upgraded to an active fork of CyberNeko called HtmlUnit-Neko which fixed this CVE in v2.27 of that library. AntiSamy 1.6.6 upgraded to version 2.60.0 of HtmlUnit-Neko. * AntiSamy 1.6.8 upgraded to HtmlUnit-Neko v2.61.0 because v2.60.0 is subject to https://www.cvedetails.com/cve/CVE-2022-29546 * AntiSamy 1.7.3 upgraded to HtmlUnit-Neko v3.1.0 because all versions prior to 3.0.0 are subject to https://www.cvedetails.com/cve/CVE-2023-26119 +* AntiSamy 1.7.4 upgraded to batik-css v1.17 because batik-css:1.16 is subject to https://www.cvedetails.com/cve/CVE-2022-44729 +
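Review bot: in the pom.xml hunks, the neko-htmlunit bump from 3.5.0 to 3.6.0 is the change that addresses the comment-parsing flaw, yet neither the commit message ("Final commit for 1.7.4 release.") nor a comment beside the version ties it to CVE-2023-43643; add a note such as `<!-- 3.6.0 fixes comment parsing, CVE-2023-43643 -->` next to `<version>3.6.0</version>` so a future downgrade is caught in review. The commons-io 2.13.0 to 2.14.0 bump and the outputTimestamp change are unrelated release housekeeping mixed into the same commit as the security fix; splitting them would keep the fix commit minimal and easier to backport.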
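Review bot: the new SECURITY.md line says AntiSamy 1.7.4 upgraded batik-css to v1.17, but the pom.xml hunks in this commit only change neko-htmlunit and commons-io; either link the commit where batik-css was bumped or reword the entry so the record matches the diff. The CVE #6 entry also omits the precondition (preserveComments enabled plus the allowed tag) that the description gives, which is the detail a reader of SECURITY.md needs to judge exposure; and the final `+` adds a trailing blank line at end of file that looks unintended.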
Vulnerability mechanics
Root cause
"Flawed parsing of HTML comments by the underlying HTML parser (neko-htmlunit) allows elements inside comment tags to be interpreted as executable markup when preserveComments is enabled."
Attack vector
An attacker crafts HTML input containing elements (e.g., script or img tags) placed inside HTML comment markers. When AntiSamy processes this input with `preserveComments` enabled and certain tags allowed, the flawed parser fails to properly treat the comment content as inert. As a result, the sanitized output contains executable elements that were intended to be commented out, leading to mutation XSS (mXSS) [CWE-79]. The attack requires no authentication and is delivered via any vector that feeds untrusted HTML to the application (e.g., user-generated content, form submissions).
Affected code
The vulnerability is in the HTML parsing logic of the AntiSamy library when the `preserveComments` directive is enabled. The flawed parsing occurs because the underlying HTML parser (HtmlUnit-Neko) does not correctly handle elements nested inside HTML comments, causing them to be interpreted as executable markup after sanitization. The patch upgrades the neko-htmlunit dependency from version 3.5.0 to 3.6.0 [patch_id=1640586], indicating the fix lies in the updated parser's comment-handling behavior.
What the fix does
The patch upgrades the neko-htmlunit dependency from version 3.5.0 to 3.6.0 [patch_id=1640586]. This newer version of the HTML parser corrects how it handles elements nested inside HTML comments, preventing comment content from being misinterpreted as active markup. The advisory confirms that the vulnerability only manifests when `preserveComments` is enabled, so the fix ensures the parser treats comment boundaries correctly regardless of that setting. No changes to AntiSamy's own scanning logic were needed; the root cause was in the third-party parser's comment handling.
Preconditions
- Config: The preserveComments directive must be enabled in the AntiSamy policy file.
- Config: The policy must allow certain HTML tags (e.g., script, img, or other active elements) to pass through.
- Input: The attacker must be able to supply untrusted HTML input to the application using AntiSamy.
Generated on May 23, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-pcf2-gh6g-h5r2 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-43643 (GHSA advisory)
- github.com/nahsra/antisamy/releases/tag/v1.7.4 (GHSA, x_refsource_MISC, web)
- github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 (GHSA, x_refsource_CONFIRM, web)