← Back to CVE List

CVE-2023-43643

Published: 2023-10-09T14:15Z
Last Modified: 2024-11-21T08:24Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt