Lucene search
Veracode Vulnerability DatabaseVERACODE:35285HistoryApr 28, 2022 - 3:28 a.m.
Cross-site Scripting (XSS)
2022-04-2803:28:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.002 Low
EPSS
Percentile
55.9%
esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL regular expression of antisamy-esapi.xml, allowing an attacker to inject and execute malicious javascript
References
github.com/advisories/GHSA-q77q-vx4q-xx6q
github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
github.com/ESAPI/esapi-java-legacy/commit/9473bf4676d2b28fee93ee059099a4f4e707dc51
github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
security.netapp.com/advisory/ntap-20230127-0014/
www.oracle.com/security-alerts/cpujul2022.html
Related
osv
osv
CVE-2022-24891
2022-04-27 21:15:08
Cross-site Scripting in org.owasp.esapi:esapi
2022-04-27 21:09:46
nvd
nvd
CVE-2022-24891
2022-04-27 21:15:08
prion
prion
Cross site scripting
2022-04-27 21:15:00
cve
cve
CVE-2022-24891
2022-04-27 21:15:08
github
github
Cross-site Scripting in org.owasp.esapi:esapi
2022-04-27 21:09:46
cnvd
cnvd
OWASP ESAPI Cross-Site Scripting Vulnerability
2022-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2022-24891
2022-04-27 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2022-24891
2022-04-27 21:15:08
nessus
nessus
Oracle Business Intelligence Publisher (OBIEE) (July 2023 CPU)
2023-07-21 00:00:00
Oracle Oracle Database Server (Jul 2022 CPU)
2022-07-22 00:00:00
Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)
2023-07-21 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00