Ironfisto

#30603 of 53,633
8.6 Total CVSS
Vulnerabilities · 1
PT-2025-48110
8.6
2025-11-25
Owasp · Owasp Java Html Sanitizer · CVE-2025-66021
**Name of the Vulnerable Software and Affected Versions**

OWASP Java HTML Sanitizer versions 20240325.1

**Description**

OWASP Java HTML Sanitizer is vulnerable to Cross-Site Scripting (XSS) when the HtmlPolicyBuilder allows both the `noscript` and `style` tags, with `allowTextIn` enabled for the `style` tag. Under these conditions the sanitizer does not properly sanitize CSS, potentially allowing malicious scripts to execute. The browser interprets the combination of `noscript` and `style` tags in a way that bypasses the sanitization, leading to XSS. The vulnerability is triggered when a crafted payload containing script tags within the allowed tags is processed. The issue is an edge case and only occurs when HtmlPolicyBuilder allows the `noscript` and `style` tags with `allowTextIn` enabled for `style`.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.