Security Advisory

CVE-2021-35043

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-19 14:53:09
Last updated 2024-08-04 00:33:50
Assigner mitre
State PUBLISHED

Description

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.