CVE-2023-51652 (GCVE-0-2023-51652)

Vulnerability from cvelistv5 – Published: 2024-01-02 20:06 – Updated: 2025-04-17 18:37

Title

OWASP.AntiSamy mXSS when preserving comments

Summary

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `<tagrules>` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/spassarop/antisamy-dotnet/secu…	x_refsource_CONFIRM
	https://github.com/spassarop/antisamy-dotnet/comm…	x_refsource_MISC
	https://github.com/spassarop/antisamy-dotnet/comm…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	spassarop	antisamy-dotnet	Affected: < 1.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
          },
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
          },
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51652",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-08T16:41:55.112798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T18:37:43.880Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "antisamy-dotnet",
          "vendor": "spassarop",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-02T20:06:41.333Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
        },
        {
          "name": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
        },
        {
          "name": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
        }
      ],
      "source": {
        "advisory": "GHSA-8x6f-956f-q43w",
        "discovery": "UNKNOWN"
      },
      "title": "OWASP.AntiSamy mXSS when preserving comments"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-51652",
    "datePublished": "2024-01-02T20:06:41.333Z",
    "dateReserved": "2023-12-20T22:12:04.737Z",
    "dateUpdated": "2025-04-17T18:37:43.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-51652",
      "date": "2026-05-06",
      "epss": "0.00918",
      "percentile": "0.76029"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.0\", \"matchCriteriaId\": \"13BDB025-E8FE-41BA-8BEC-53FC1A8994D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.\"}, {\"lang\": \"es\", \"value\": \"OWASP AntiSamy .NET es una librer\\u00eda para realizar la limpieza de HTML proveniente de fuentes no confiables. Antes de la versi\\u00f3n 1.2.0, exist\\u00eda la posibilidad de que se produjera una vulnerabilidad de mutaci\\u00f3n de cross site scripting (mXSS) en AntiSamy causada por un an\\u00e1lisis defectuoso del HTML que se estaba sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\\u00edtica y tambi\\u00e9n permitir ciertas etiquetas al mismo tiempo. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Esto est\\u00e1 parcheado en OWASP AntiSamy .NET 1.2.0 y posteriores. Consulte detalles importantes de remediaci\\u00f3n en la referencia que se proporciona a continuaci\\u00f3n. Como workaround, edite manualmente el archivo de pol\\u00edtica AntiSamy (por ejemplo, antisamy.xml) eliminando la directiva `preserveComments` o estableciendo su valor en `false`, si est\\u00e1 presente. Tambi\\u00e9n ser\\u00eda \\u00fatil hacer que AntiSamy elimine la etiqueta `noscript` agregando una l\\u00ednea descrita en GitHub Security Advisory a las definiciones de etiquetas en el nodo ``, o elimin\\u00e1ndola por completo si est\\u00e1 presente. Como las configuraciones de pol\\u00edticas mencionadas anteriormente son condiciones previas para que funcione el ataque mXSS, cambiarlas seg\\u00fan lo recomendado deber\\u00eda ser suficiente para protegerlo contra esta vulnerabilidad cuando utilice una versi\\u00f3n vulnerable de esta librer\\u00eda. Sin embargo, el error existente a\\u00fan estar\\u00eda presente en AntiSamy o su dependencia del analizador (HtmlAgilityPack). La seguridad de esta soluci\\u00f3n depende de configuraciones que pueden cambiar en el futuro y no abordan la causa ra\\u00edz de la vulnerabilidad. Como tal, se recomienda encarecidamente actualizar a una versi\\u00f3n fija de AntiSamy.\"}]",
      "id": "CVE-2023-51652",
      "lastModified": "2024-11-21T08:38:32.550",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2024-01-02T20:15:10.453",
      "references": "[{\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-51652\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-02T20:15:10.453\",\"lastModified\":\"2024-11-21T08:38:32.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.\"},{\"lang\":\"es\",\"value\":\"OWASP AntiSamy .NET es una librer\u00eda para realizar la limpieza de HTML proveniente de fuentes no confiables. Antes de la versi\u00f3n 1.2.0, exist\u00eda la posibilidad de que se produjera una vulnerabilidad de mutaci\u00f3n de cross site scripting (mXSS) en AntiSamy causada por un an\u00e1lisis defectuoso del HTML que se estaba sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\u00edtica y tambi\u00e9n permitir ciertas etiquetas al mismo tiempo. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Esto est\u00e1 parcheado en OWASP AntiSamy .NET 1.2.0 y posteriores. Consulte detalles importantes de remediaci\u00f3n en la referencia que se proporciona a continuaci\u00f3n. Como workaround, edite manualmente el archivo de pol\u00edtica AntiSamy (por ejemplo, antisamy.xml) eliminando la directiva `preserveComments` o estableciendo su valor en `false`, si est\u00e1 presente. Tambi\u00e9n ser\u00eda \u00fatil hacer que AntiSamy elimine la etiqueta `noscript` agregando una l\u00ednea descrita en GitHub Security Advisory a las definiciones de etiquetas en el nodo ``, o elimin\u00e1ndola por completo si est\u00e1 presente. Como las configuraciones de pol\u00edticas mencionadas anteriormente son condiciones previas para que funcione el ataque mXSS, cambiarlas seg\u00fan lo recomendado deber\u00eda ser suficiente para protegerlo contra esta vulnerabilidad cuando utilice una versi\u00f3n vulnerable de esta librer\u00eda. Sin embargo, el error existente a\u00fan estar\u00eda presente en AntiSamy o su dependencia del analizador (HtmlAgilityPack). La seguridad de esta soluci\u00f3n depende de configuraciones que pueden cambiar en el futuro y no abordan la causa ra\u00edz de la vulnerabilidad. Como tal, se recomienda encarecidamente actualizar a una versi\u00f3n fija de AntiSamy.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"13BDB025-E8FE-41BA-8BEC-53FC1A8994D3\"}]}]}],\"references\":[{\"url\":\"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:40:34.163Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-51652\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-08T16:41:55.112798Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T18:37:38.677Z\"}}], \"cna\": {\"title\": \"OWASP.AntiSamy mXSS when preserving comments\", \"source\": {\"advisory\": \"GHSA-8x6f-956f-q43w\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"spassarop\", \"product\": \"antisamy-dotnet\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.2.0\"}]}], \"references\": [{\"url\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"name\": \"https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-02T20:06:41.333Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-51652\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T18:37:43.880Z\", \"dateReserved\": \"2023-12-20T22:12:04.737Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-02T20:06:41.333Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2024-04170

Vulnerability from fstec - Published: 20.12.2023

Title

Уязвимость парсера HtmlAgilityPack библиотеки для выполнения быстрой настраиваемой очистки HTML AntiSamy, позволяющая нарушителю проводить межсайтовые сценарные атаки

Description

Уязвимость парсера HtmlAgilityPack библиотеки для выполнения быстрой настраиваемой очистки HTML AntiSamy связана с непринятием мер по защите структуры веб-страницы в результате доступа к директиве preserveComments. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor

Arshan Dabirsiaghi

Software Name

AntiSamy

Software Version

до 1.2.0 (AntiSamy)

Possible Mitigations

Использование рекомендаций: https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6 https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a https://github.com/spassarop/antisamy-dotnet/releases/tag/v1.2.0 Компенсирующие меры: В случае невозможности установить обновление отредактируйте файл политики AntiSamy (например, antisamy.xml), удалив директиву preserveComments или установив для нее значение false. Удалите тег <noscript> , определяющий секцию HTML кода, добавив его в определения тегов под <tagrules> узлом (или полностью удалив его, если он присутствует): <tag name="noscript" action="remove"/>

Reference

https://vuldb.com/?id.249520 https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6 https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Arshan Dabirsiaghi",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.2.0 (AntiSamy)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6 \nhttps://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a \nhttps://github.com/spassarop/antisamy-dotnet/releases/tag/v1.2.0\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442\u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0439\u0442\u0435 \u0444\u0430\u0439\u043b \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 AntiSamy (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, antisamy.xml), \u0443\u0434\u0430\u043b\u0438\u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u0443 preserveComments \u0438\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0432 \u0434\u043b\u044f \u043d\u0435\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 false. \n\u0423\u0434\u0430\u043b\u0438\u0442\u0435 \u0442\u0435\u0433 \u003cnoscript\u003e , \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u0435\u043a\u0446\u0438\u044e HTML \u043a\u043e\u0434\u0430, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u0435\u0433\u043e \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0442\u0435\u0433\u043e\u0432 \u043f\u043e\u0434 \u003ctagrules\u003e \u0443\u0437\u043b\u043e\u043c (\u0438\u043b\u0438 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0438\u0432 \u0435\u0433\u043e, \u0435\u0441\u043b\u0438 \u043e\u043d \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442):\n\u003ctag name=\"noscript\" action=\"remove\"/\u003e",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04170",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-51652",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "AntiSamy",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u0440\u0441\u0435\u0440\u0430 HtmlAgilityPack \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML AntiSamy, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u0440\u0441\u0435\u0440\u0430 HtmlAgilityPack \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML AntiSamy \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u0435 preserveComments. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435, \u0435\u0441\u043b\u0438 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u0435 preserveComments.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/?id.249520\nhttps://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6 \nhttps://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a \nhttps://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

FKIE_CVE-2023-51652

Vulnerability from fkie_nvd - Published: 2024-01-02 20:15 - Updated: 2024-11-21 08:38

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6	Patch
security-advisories@github.com	https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a	Patch
security-advisories@github.com	https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w	Vendor Advisory

Impacted products

	Vendor	Product	Version
	spassarop	owasp_antisamy_.net	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BDB025-E8FE-41BA-8BEC-53FC1A8994D3",
              "versionEndExcluding": "1.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy."
    },
    {
      "lang": "es",
      "value": "OWASP AntiSamy .NET es una librer\u00eda para realizar la limpieza de HTML proveniente de fuentes no confiables. Antes de la versi\u00f3n 1.2.0, exist\u00eda la posibilidad de que se produjera una vulnerabilidad de mutaci\u00f3n de cross site scripting (mXSS) en AntiSamy causada por un an\u00e1lisis defectuoso del HTML que se estaba sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\u00edtica y tambi\u00e9n permitir ciertas etiquetas al mismo tiempo. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Esto est\u00e1 parcheado en OWASP AntiSamy .NET 1.2.0 y posteriores. Consulte detalles importantes de remediaci\u00f3n en la referencia que se proporciona a continuaci\u00f3n. Como workaround, edite manualmente el archivo de pol\u00edtica AntiSamy (por ejemplo, antisamy.xml) eliminando la directiva `preserveComments` o estableciendo su valor en `false`, si est\u00e1 presente. Tambi\u00e9n ser\u00eda \u00fatil hacer que AntiSamy elimine la etiqueta `noscript` agregando una l\u00ednea descrita en GitHub Security Advisory a las definiciones de etiquetas en el nodo ``, o elimin\u00e1ndola por completo si est\u00e1 presente. Como las configuraciones de pol\u00edticas mencionadas anteriormente son condiciones previas para que funcione el ataque mXSS, cambiarlas seg\u00fan lo recomendado deber\u00eda ser suficiente para protegerlo contra esta vulnerabilidad cuando utilice una versi\u00f3n vulnerable de esta librer\u00eda. Sin embargo, el error existente a\u00fan estar\u00eda presente en AntiSamy o su dependencia del analizador (HtmlAgilityPack). La seguridad de esta soluci\u00f3n depende de configuraciones que pueden cambiar en el futuro y no abordan la causa ra\u00edz de la vulnerabilidad. Como tal, se recomienda encarecidamente actualizar a una versi\u00f3n fija de AntiSamy."
    }
  ],
  "id": "CVE-2023-51652",
  "lastModified": "2024-11-21T08:38:32.550",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-02T20:15:10.453",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2023-51652

Vulnerability from gsd - Updated: 2023-12-21 06:01

Details

Aliases

CVE-2023-51652

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-51652"
      ],
      "details": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.",
      "id": "GSD-2023-51652",
      "modified": "2023-12-21T06:01:31.575110Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-51652",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "antisamy-dotnet",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "spassarop"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w",
            "refsource": "MISC",
            "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
          },
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6",
            "refsource": "MISC",
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
          },
          {
            "name": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a",
            "refsource": "MISC",
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-8x6f-956f-q43w",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "13BDB025-E8FE-41BA-8BEC-53FC1A8994D3",
                    "versionEndExcluding": "1.2.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `\u003ctagrules\u003e` node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy."
          },
          {
            "lang": "es",
            "value": "OWASP AntiSamy .NET es una librer\u00eda para realizar la limpieza de HTML proveniente de fuentes no confiables. Antes de la versi\u00f3n 1.2.0, exist\u00eda la posibilidad de que se produjera una vulnerabilidad de mutaci\u00f3n de cross site scripting (mXSS) en AntiSamy causada por un an\u00e1lisis defectuoso del HTML que se estaba sanitizando. Para estar sujeto a esta vulnerabilidad, la directiva `preserveComments` debe estar habilitada en su archivo de pol\u00edtica y tambi\u00e9n permitir ciertas etiquetas al mismo tiempo. Como resultado, ciertas entradas astutas pueden dar lugar a que los elementos de las etiquetas de comentarios se interpreten como ejecutables cuando se utiliza la salida sanitizada de AntiSamy. Esto est\u00e1 parcheado en OWASP AntiSamy .NET 1.2.0 y posteriores. Consulte detalles importantes de remediaci\u00f3n en la referencia que se proporciona a continuaci\u00f3n. Como workaround, edite manualmente el archivo de pol\u00edtica AntiSamy (por ejemplo, antisamy.xml) eliminando la directiva `preserveComments` o estableciendo su valor en `false`, si est\u00e1 presente. Tambi\u00e9n ser\u00eda \u00fatil hacer que AntiSamy elimine la etiqueta `noscript` agregando una l\u00ednea descrita en GitHub Security Advisory a las definiciones de etiquetas en el nodo ``, o elimin\u00e1ndola por completo si est\u00e1 presente. Como las configuraciones de pol\u00edticas mencionadas anteriormente son condiciones previas para que funcione el ataque mXSS, cambiarlas seg\u00fan lo recomendado deber\u00eda ser suficiente para protegerlo contra esta vulnerabilidad cuando utilice una versi\u00f3n vulnerable de esta librer\u00eda. Sin embargo, el error existente a\u00fan estar\u00eda presente en AntiSamy o su dependencia del analizador (HtmlAgilityPack). La seguridad de esta soluci\u00f3n depende de configuraciones que pueden cambiar en el futuro y no abordan la causa ra\u00edz de la vulnerabilidad. Como tal, se recomienda encarecidamente actualizar a una versi\u00f3n fija de AntiSamy."
          }
        ],
        "id": "CVE-2023-51652",
        "lastModified": "2024-01-08T19:35:18.890",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-02T20:15:10.453",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-8X6F-956F-Q43W

Vulnerability from github – Published: 2024-01-02 16:38 – Updated: 2024-01-02 23:28

Summary

OWASP.AntiSamy mXSS when preserving comments

Details

Impact

There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output.

Patches

Patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below.

Workarounds

If you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the preserveComments directive or setting its value to false, if present. Also it would be useful to make AntiSamy remove the noscript tag by adding this in your tag definitions under the <tagrules> node (or deleting it entirely if present):

<tag name="noscript" action="remove"/>

As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.

For more information

If you have any questions or comments about this advisory:

Email one of the project co-leaders, listed on the OWASP AntiSamy project page, under "Leaders".

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "OWASP.AntiSamy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-51652"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-02T16:38:28Z",
    "nvd_published_at": "2024-01-02T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "# Impact\n\nThere is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy\u0027s sanitized output.\n\n# Patches\n\nPatched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below.\n\n# Workarounds\n\nIf you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`,  if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding this in your tag definitions under the `\u003ctagrules\u003e` node (or deleting it entirely if present):\n```xml\n\u003ctag name=\"noscript\" action=\"remove\"/\u003e\n```\n\nAs the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don\u0027t address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.\n\n# For more information\n\nIf you have any questions or comments about this advisory:\n\nEmail one of the project co-leaders, listed on the [OWASP AntiSamy project](https://owasp.org/www-project-antisamy/) page, under \"Leaders\".",
  "id": "GHSA-8x6f-956f-q43w",
  "modified": "2024-01-02T23:28:07Z",
  "published": "2024-01-02T16:38:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51652"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spassarop/antisamy-dotnet"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OWASP.AntiSamy mXSS when preserving comments"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-51652 (GCVE-0-2023-51652)

BDU:2024-04170

FKIE_CVE-2023-51652

GSD-2023-51652

GHSA-8X6F-956F-Q43W

Impact

Patches

Workarounds

For more information

Tags

Sightings

Nomenclature