CVE-2021-35043

{"id": "CVE-2021-35043", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-07-19T15:15:07.747", "references": [{"url": "https://github.com/nahsra/antisamy/pull/87", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.4", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character."}, {"lang": "es", "value": "OWASP AntiSamy versiones anteriores a 1.6.4, permite un ataque de tipo XSS por medio de atributos HTML cuando se usa el serializador de salida HTML (XHTML no est\u00e1 afectado). Esto fue demostrado por un javascript: URL con : como reemplazo del car\u00e1cter"}], "lastModified": "2022-10-29T02:49:41.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CBBCACC-5568-45E3-B2E5-3D947263D40C", "versionEndExcluding": "1.6.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773"}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D"}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716"}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00"}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8"}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6", "versionEndIncluding": "2.4.0", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D0F559E-0790-461B-ACED-5B00F4D40893", "versionEndIncluding": "2.4.1", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C9E689-ED91-4A9D-B9C0-5BF4EC131409"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC2370B5-F41B-45F6-AC9F-9C7B258AA717"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF958C28-4289-4433-8CD9-B6551F01926F"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184"}, {"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCCFDDAC-CF84-4259-BA65-98DC5482A0A3"}, {"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}