CVE-2021-23899

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:owasp:json-sanitizer:*:*:*:*:*:*:*:*

Information

Published : 2021-01-13 08:15

Updated : 2021-01-19 10:45


NVD link : CVE-2021-23899

Mitre link : CVE-2021-23899


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

owasp

  • json-sanitizer