Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2011-4457
Last Modified 18 Nov 2011 12:00:00
Published 17 Nov 2011 06:55:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-4457

Summary

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

Vulnerable Systems

Application

  • Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 42

  • Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 48

  • Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 50

  • Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 74

  • Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 83


References

CONFIRM - http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457

CONFIRM - http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html


Last Updated: 27 May 2016 10:57:48