jsoup is vulnerable to cross-site scripting. The vulnerability exists in the `resolve` function in `StringUtil.java` because the jsoup cleaner does not properly sanitize input when `Safelist.preserveRelativeLinks` is enabled, which allows an attacker to inject and execute arbitrary JavaScript.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | jsoup java html parser | le | 1.11.3 |
| | jsoup java html parser | le | 1.15.2 |
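
The setting named in the description, shown beside jsoup's default, with a defense-in-depth scheme check run over already-cleaned output. This is an added example, not code from the advisory or from jsoup; the class and method names, the scheme allowlist and the sample input are assumptions, and `Safelist` is the class name used by current jsoup releases.

```java
import java.util.Locale;
import java.util.Set;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Safelist;

public class RelativeLinkCleaner {
    // Assumption: the only schemes this application wants to emit in links.
    private static final Set<String> ALLOWED = Set.of("http", "https", "mailto");

    // Setting named in the advisory: relative links are kept as written.
    static String cleanKeepingRelative(String html, String baseUri) {
        return Jsoup.clean(html, baseUri, Safelist.basic().preserveRelativeLinks(true));
    }

    // jsoup default: links are rewritten to absolute URLs against baseUri.
    static String cleanResolvingLinks(String html, String baseUri) {
        return Jsoup.clean(html, baseUri, Safelist.basic().preserveRelativeLinks(false));
    }

    // Defense in depth: re-check every href in output the cleaner already accepted.
    static String dropUnexpectedSchemes(String cleaned, String baseUri) {
        Document doc = Jsoup.parseBodyFragment(cleaned, baseUri);
        for (Element link : doc.select("[href]")) {
            // Browsers ignore tab and newline characters inside a URL, so strip
            // whitespace and control characters before reading the scheme.
            String href = link.attr("href")
                    .replaceAll("[\\s\\p{Cntrl}]", "")
                    .toLowerCase(Locale.ROOT);
            int colon = href.indexOf(':');
            boolean hasScheme = colon > 0
                    && href.substring(0, colon).matches("[a-z][a-z0-9+.-]*");
            if (hasScheme && !ALLOWED.contains(href.substring(0, colon))) {
                link.removeAttr("href"); // keep the link text, drop the target
            }
        }
        return doc.body().html();
    }

    public static void main(String[] args) {
        String base = "https://example.com/docs/";                     // constructed sample
        String html = "<p><a href=\"guide/intro.html\">Intro</a></p>"; // constructed sample
        System.out.println(cleanKeepingRelative(html, base));
        System.out.println(cleanResolvingLinks(html, base));
        System.out.println(dropUnexpectedSchemes(cleanKeepingRelative(html, base), base));
    }
}
```

Relative links carry no scheme and pass `dropUnexpectedSchemes` unchanged, so the check can be layered on top of either cleaner configuration.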