← Back to CVE List

CVE-2022-24891

Published: 2022-04-27T21:15Z
Last Modified: 2024-11-21T06:51Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt