CVE-2011-4457

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

Published Bycve@mitre.org

Published DateNov 17, 2011, 23:55

Affected Versions(1)

com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer(Maven)

Introduced0

Fixed88

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer(Maven)	0	88	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

2.6

Vector String

AV:N/AC:H/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

2.6

Vector String

AV:N/AC:H/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE