AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.owasp.antisamy:antisamy(Maven) | 0 | 1.7.5 | N/A |
CVSS Metrics
