OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| owasp-java-html-sanitizer_project | owasp-java-html-sanitizer | 50 |
| owasp-java-html-sanitizer_project | owasp-java-html-sanitizer | 74 |
| owasp-java-html-sanitizer_project | owasp-java-html-sanitizer | * |
| owasp-java-html-sanitizer_project | owasp-java-html-sanitizer | 48 |
| owasp-java-html-sanitizer_project | owasp-java-html-sanitizer | 42 |