CVE-2023-43643

Summary

CVE-2023-43643 is a vulnerability found in the AntiSamy library prior to version 1.7.4. This vulnerability is a mutation XSS (mXSS) issue caused by flawed parsing of HTML when being sanitized. In order for an organization to be affected, the `preserveComments` directive must be enabled along with certain allowed tags in the policy file. Crafty inputs can exploit this vulnerability and interpret elements in comment tags as executable code. The issue has been patched in AntiSamy 1.7.4 and later versions. This vulnerability has a risk score of 25 and a base severity of MEDIUM according to [email protected], with a base score of 6.1 and an impact score of 2.7 on CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N vector string. The potential danger lies in the possibility of attackers injecting malicious code into sanitized HTML, which could lead to cross-site scripting attacks and compromise the confidentiality and integrity of an organization's web application or website. Note: The provided summary is factual, objective, and does not include any analysis or personal opinions about the vulnerability described.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.