esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL
regular expression of antisamy-esapi.xml
, allowing an attacker to inject and execute malicious javascript
github.com/advisories/GHSA-q77q-vx4q-xx6q
github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
github.com/ESAPI/esapi-java-legacy/commit/9473bf4676d2b28fee93ee059099a4f4e707dc51
github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
security.netapp.com/advisory/ntap-20230127-0014/
www.oracle.com/security-alerts/cpujul2022.html