PT-2022-16962 · Esapi+3
Published
2022-04-27
·
Updated
2026-04-16
·
CVE-2022-24891
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ESAPI versions prior to 2.3.0.0
Description
There is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. This can cause javascript: URLs to fail to be correctly sanitized.
Recommendations
For versions prior to 2.3.0.0, update to version 2.3.0.0 or later to resolve the issue.
As a temporary workaround, manually edit the antisamy-esapi.xml configuration files to change the onsiteURL regular expression.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Esapi
Linuxmint
Ubuntu