PT-2024-3100 · AntiSamy

Leen · Published 2024-02-02 · Updated 2025-11-25 · CVE-2024-23635

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: AntiSamy versions prior to 1.7.5

Description: AntiSamy prior to 1.7.5 is vulnerable to mutation cross-site scripting (mXSS) because of flawed parsing of the HTML being sanitized. The flaw is exploitable only when the preserveComments directive is enabled in the policy file: with comments preserved, crafted input can cause markup placed inside a comment to survive sanitization and be reinterpreted by the browser as live, executable elements.

Recommendations: Update to AntiSamy 1.7.5 or later. As a temporary workaround, edit the AntiSamy policy file and either delete the preserveComments directive or set its value to false (the directive is disabled when absent, so removing it is equivalent to setting it to false).
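The two checks a practitioner wants from this advisory are "is my policy file exposing the vulnerable setting?" and "is my AntiSamy version in the affected range?". The script below is an added example, not code from the advisory or from the AntiSamy project: it audits an AntiSamy policy XML for the preserveComments directive, rewrites it to false as the workaround describes, and compares a dependency version against the 1.7.5 fix boundary. The policy fragment is constructed for the example (a real antisamy.xml carries many more directives and sections); the function names are the example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an AntiSamy policy file (not a real shipped policy).
# The vulnerable setting for CVE-2024-23635 is preserveComments="true".
VULNERABLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<anti-samy-rules>
  <directives>
    <directive name="omitXmlDeclaration" value="true"/>
    <directive name="preserveComments" value="true"/>
    <directive name="useXHTML" value="true"/>
  </directives>
</anti-samy-rules>
"""

FIXED_VERSION = (1, 7, 5)


def _directives(root):
    """Yield every <directive> element, tolerating a namespaced root."""
    for el in root.iter():
        if el.tag == "directive" or el.tag.endswith("}directive"):
            yield el


def preserve_comments_enabled(policy_xml: str) -> bool:
    """True when the policy enables preserveComments (the exploitable state)."""
    root = ET.fromstring(policy_xml)
    for d in _directives(root):
        if d.get("name") == "preserveComments":
            return d.get("value", "false").strip().lower() == "true"
    # Per the advisory, a missing directive is the same as value="false".
    return False


def disable_preserve_comments(policy_xml: str) -> str:
    """Return the policy with every preserveComments directive set to false.

    This is the advisory's temporary workaround; upgrading to 1.7.5+ is the fix.
    Note that ElementTree does not re-emit the XML declaration, so keep your
    original header when writing the result back to antisamy.xml.
    """
    root = ET.fromstring(policy_xml)
    for d in _directives(root):
        if d.get("name") == "preserveComments":
            d.set("value", "false")
    return ET.tostring(root, encoding="unicode")


def parse_version(version: str) -> tuple:
    """Turn '1.7.4' or '1.7.4-SNAPSHOT' into a comparable tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def version_is_affected(version: str) -> bool:
    """True for any AntiSamy release earlier than 1.7.5."""
    return parse_version(version) < FIXED_VERSION


if __name__ == "__main__":
    print("preserveComments enabled:", preserve_comments_enabled(VULNERABLE_POLICY))
    print(disable_preserve_comments(VULNERABLE_POLICY))
    for v in ("1.7.4", "1.7.5", "1.7.10"):
        print(v, "affected" if version_is_affected(v) else "not affected")
```

Run it against your real policy file by reading antisamy.xml into `preserve_comments_enabled`; the version check is meant to be fed the AntiSamy version pinned in your build (for example the `<version>` of `org.owasp.antisamy:antisamy` in pom.xml). Treat a true result from either function as a finding until the upgrade to 1.7.5 or later lands.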

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-03300
CVE-2024-23635
GHSA-2MRQ-W8PV-5PVQ

Affected Products

Antisamy
Debian