Maven package
com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer
pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66021 | — | | | >= 20240325.1, < 20260101.1 | 20260101.1 | Nov 26, 2025 | OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows n |
| CVE-2021-42575 | — | | | < 20211018.1 | 20211018.1 | Oct 18, 2021 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. |
| CVE-2011-4457 | — | | | < 88 | 88 | Nov 17, 2011 | OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. |