OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

OWASP AntiSamy is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to OWASP AntiSamy prior to1.5.7 are vulnerable.


Bugtraq ID: 105656
Class: Input Validation Error
CVE: CVE-2017-14735

Remote: Yes
Local: No
Published: Sep 25 2017 12:00AM
Updated: Jul 17 2019 07:00AM
Credit: Raj Veerappan
Vulnerable: Oracle WebCenter Sites 11.1.1 8.0
Oracle Retail Returns Management 14.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 13.4
Oracle Retail Returns Management 13.3
Oracle Retail Central Office 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 13.4
Oracle Retail Central Office 13.3
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Retail Back Office 13.4
Oracle Retail Back Office 13.3
Oracle Insurance Policy Administration J2EE 10.2
Oracle Insurance Policy Administration J2EE 10.0
Oracle Insurance Calculation Engine 9.7
Oracle Insurance Calculation Engine 10.2
Oracle Insurance Calculation Engine 10.1
Oracle Insurance Calculation Engine 10.0
Oracle Fusion Middleware MapViewer
Oracle Fusion Middleware MapViewer
Oracle FLEXCUBE Core Banking 11.8
Oracle FLEXCUBE Core Banking 11.7
Oracle FLEXCUBE Core Banking 11.6
Oracle FLEXCUBE Core Banking 5.2
Oracle Banking Platform 2.6.1
Oracle Banking Platform 2.6
Oracle Banking Platform 2.5.0
Oracle Agile PLM 9.3.5
Oracle Agile PLM 9.3.4
Antisamy Project Antisamy 1.5.6
Antisamy Project Antisamy 1.5.4
Antisamy Project Antisamy 1.5.3
Antisamy Project Antisamy 1.5.1
Antisamy Project Antisamy 1.4.4

Not Vulnerable: Antisamy Project Antisamy 1.5.7


An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Related Posts