PT-2025-48110 · OWASP · OWASP Java HTML Sanitizer

Ironfisto · Published 2025-11-25 · Updated 2026-02-17

CVE-2025-66021
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OWASP Java HTML Sanitizer, version 20240325.1

Description
OWASP Java HTML Sanitizer is vulnerable to cross-site scripting (XSS) when an HtmlPolicyBuilder policy allows both the noscript and style elements and additionally allows text inside style (allowTextIn on style). Under that configuration the sanitizer does not properly sanitize the CSS text, so a crafted input that places script-bearing markup inside the allowed elements is passed through. The bypass is a parser differential: the browser interprets the noscript/style combination differently from the sanitizer, so content the sanitizer treated as inert text is parsed by the browser as live HTML and the script executes. This is an edge case: it only occurs when the policy allows noscript and style and also allows text inside style.

Recommendations
Update to a release that fixes this issue once one is available; at the time of writing no fixed version has been published. Until then, note that the advisory's precondition requires all three settings together, so a policy that does not allow noscript, or does not allow text inside style, is not in the affected configuration.
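As an added example (not code from the advisory or from the OWASP project), the Java below builds the policy shape the advisory describes as affected alongside two variants that do not meet its precondition, runs a constructed sample through each, and flags output that still carries a noscript element together with a style element containing text. The class and helper names are mine; it assumes the owasp-java-html-sanitizer artifact (group com.googlecode.owasp-java-html-sanitizer) is on the classpath. The sample input is a plain noscript/style fragment chosen to exercise the configuration, not a bypass payload.

```java
// Added example, not from the advisory or the OWASP project. Requires
// owasp-java-html-sanitizer on the classpath.
import java.util.Locale;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class NoscriptStylePolicyCheck {

    // Affected shape per the advisory: noscript and style are both allowed,
    // and text is allowed inside style.
    static PolicyFactory affectedPolicy() {
        return new HtmlPolicyBuilder()
                .allowElements("p", "b", "i", "noscript", "style")
                .allowTextIn("style")
                .toFactory();
    }

    // Same policy with noscript removed: the advisory's precondition no longer holds.
    static PolicyFactory withoutNoscript() {
        return new HtmlPolicyBuilder()
                .allowElements("p", "b", "i", "style")
                .allowTextIn("style")
                .toFactory();
    }

    // Same policy with the style element removed entirely. Per-element styling via
    // the style attribute is allowed separately with allowStyling(), which runs the
    // CSS through the sanitizer's CSS schema instead of passing raw style text.
    static PolicyFactory withoutStyleElement() {
        return new HtmlPolicyBuilder()
                .allowElements("p", "b", "i")
                .allowStyling()
                .toFactory();
    }

    // Constructed sample input (assumption, for illustration only): both elements
    // the advisory names, with text inside style.
    static final String SAMPLE =
            "<p>hello</p><noscript><style>p { color: red }</style></noscript>";

    // True when the sanitized output still contains a noscript element and a style
    // element with non-blank text content, i.e. the combination the advisory says
    // should not be let through from untrusted input.
    static boolean outputHasNoscriptAndStyleText(String sanitized) {
        String lower = sanitized.toLowerCase(Locale.ROOT);
        return lower.contains("<noscript")
                && lower.matches("(?s).*<style[^>]*>\\s*\\S.*</style>.*");
    }

    public static void main(String[] args) {
        String[] names = {"affected", "without noscript", "without style element"};
        PolicyFactory[] policies = {affectedPolicy(), withoutNoscript(), withoutStyleElement()};
        for (int i = 0; i < names.length; i++) {
            String out = policies[i].sanitize(SAMPLE);
            System.out.println(names[i] + ": " + out);
            System.out.println("  noscript + style text in output: "
                    + outputHasNoscriptAndStyleText(out));
        }
    }
}
```

The useful check for a code base is the shape of the policy, not any single payload: search for HtmlPolicyBuilder usages that pass "noscript" and "style" to allowElements and also call allowTextIn with "style", and treat that combination as affected until a fixed release is available.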

Exploit: XSS

Related Identifiers
CVE-2025-66021
ECHO-51B1-DA5D-175B
GHSA-G9GQ-3PFX-2GW2

Affected Products
Bamboo
OWASP Java HTML Sanitizer