CNNVD-202511-2921 Information

Nov 26, 2025 cve

CNNVD ID

CNNVD-202511-2921

CVE-2025-66021

  • CNNVD Published: 2025-11-26

Description (Chinese)

Owasp Json-sanitizer是美国OWASP基金会的一款基于Java可根据类似Json的文本内容生成Json格式数据的代码库。 Owasp Json-sanitizer 20240325.1版本存在安全漏洞,该漏洞源于HtmlPolicyBuilder允许noscript和style标签,可能导致跨站脚本攻击。

Description (English)

Owasp Jason-sanitizer is a code library of Jason format data based on Java based on Jason-like text content. There is a security loophole in version 20240325.1 of Owasp Jason-sanitizer, which originates from HtmlPolicyBuilder allowing noscript and style tags, which could lead to a cross-script attack.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

OWASP

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2

Share on: