The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOracle Middleware Common Libraries And Tools
APPOracle12.2.1.3.012.2.1.4.0Oracle Primavera Unifier
APPOracle18.819.1220.1221.1217.7 – 17.12Owasp Java Html Sanitizer
APPOwasp< 20211018.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2022-23305CRITICAL9.8ten sam produkt
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the val...
CVE-2021-23926CRITICAL9.1ten sam produkt
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user fro...
CVE-2020-25020CRITICAL9.8ten sam produkt
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
CVE-2020-9547CRITICAL9.8ten sam produkt
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...
CVE-2020-9546CRITICAL9.8ten sam produkt
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...