OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low severity • GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 19, 2024
Package
Affected versions: < 88
Patched versions: 88
Description
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
Published by the National Vulnerability Database: Nov 17, 2011
Published to the GitHub Advisory Database: May 17, 2022
Reviewed: Jan 19, 2024
Last updated: Jan 19, 2024