CVE-2023-51652

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 2, 2024
Updated: Jan 8, 2024
CWE ID 79

Summary

The vulnerability with CVE ID CVE-2023-51652 affects OWASP AntiSamy .NET library versions prior to 1.2.0. It is a mutation cross-site scripting (mXSS) vulnerability caused by flawed parsing of HTML during the sanitization process. The vulnerability can be exploited when the preserveComments directive is enabled in the policy file and certain tags are allowed at the same time. Crafty inputs can lead to executable elements being interpreted within comment tags in AntiSamy's sanitized output. The vulnerability has been patched in OWASP AntiSamy .NET 1.2.0 and later versions. As a temporary workaround, users can manually edit the AntiSamy policy file by removing or setting the value of preserveComments directive to false. Additionally, it is recommended to remove the noscript tag by following instructions provided in the GitHub Security Advisory. This vulnerability poses a medium risk with a base severity score of 6.1, requiring user interaction and having low impacts on integrity and confidentiality of an organization's systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-51652 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options