com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizerpage 1 of 1
- CVE-2011-4457NONECVSS 0.0EG 0.0✓ Fixed in 882011-11-17
vulnerable: 1.1 ... r239 (11 versions)
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
- CVE-2021-42575CRITICALCVSS 9.8EG 9.8✓ Fixed in 20211018.12021-10-18
vulnerable: 1.1 ... r239 (35 versions)
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
- CVE-2025-66021MEDIUMCVSS 6.1EG 6.1✓ Fixed in 20260101.12025-11-26
vulnerable: 20240325.1
OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web applications while protecting against XSS. In version 20240325.1, OWASP java html sanitizer is vulner…
Check whether com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer CVEs against the assets you own.
Start Free Scan →