PT-2021-3745 · Owasp · Owasp Antisamy

Published: 2021-07-19 · Updated: 2022-10-29 · CVE-2021-35043

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.4
Description: The issue allows for cross-site scripting (XSS) attacks via HTML attributes when using the HTML output serializer. This was demonstrated by a javascript: URL in which the colon character was replaced. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks, potentially allowing them to execute malicious scripts in a user's browser.
Recommendations: For OWASP AntiSamy versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML attributes in the HTML output serializer to minimize the risk of exploitation.
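As an added illustration of the failure mode in the description (example code, not AntiSamy's own), the Python below compares a scheme check run on the raw attribute text with one that first normalizes the value the way a browser does before following a link. It assumes the colon was replaced by an HTML character reference, which the advisory text does not specify.

```python
import html
import re
from typing import Optional

# Schemes an href/src attribute is allowed to carry (assumed policy for this example).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_SCHEME_RE = re.compile(r"([a-zA-Z][a-zA-Z0-9+.\-]*):")


def naive_is_allowed(value: str) -> bool:
    """Scheme check on the attribute text exactly as written in the HTML.
    Illustrates the weakness: a colon written as a character reference is
    not a literal ':' here, so no scheme is seen and the value passes."""
    m = _SCHEME_RE.match(value)
    return m is None or m.group(1).lower() in ALLOWED_SCHEMES


def normalize_url_attr(value: str) -> str:
    """Approximate the browser's view of an attribute URL before the scheme is
    interpreted: decode HTML character references (named, decimal and hex),
    drop tab/CR/LF anywhere, and trim leading/trailing controls and spaces."""
    decoded = html.unescape(value)
    decoded = re.sub(r"[\t\n\r]", "", decoded)
    return decoded.strip("".join(chr(c) for c in range(0x21)))


def url_scheme(value: str) -> Optional[str]:
    """Lower-cased scheme of the normalized value, or None for relative URLs."""
    m = _SCHEME_RE.match(normalize_url_attr(value))
    return m.group(1).lower() if m else None


def is_allowed_url(value: str) -> bool:
    """Scheme check after normalization: the form a sanitizer should use."""
    scheme = url_scheme(value)
    return scheme is None or scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    # Constructed sample: the colon is written as a decimal character reference.
    sample = "javascript&#58;void(0)"
    print("naive check passes it:", naive_is_allowed(sample))   # True
    print("normalized check passes it:", is_allowed_url(sample))  # False
```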

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03998
CVE-2021-35043
GHSA-9C8W-JRW3-Q2C3

Affected Products

Debian
Owasp Antisamy