CVE-2020-13973: XSS
First published: Tue Jun 09 2020(Updated: )
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OWASP Java HTML Sanitizer | <1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-13973.
What is the severity of CVE-2020-13973?
The severity of CVE-2020-13973 is medium.
What is the affected software for CVE-2020-13973?
The affected software for CVE-2020-13973 is OWASP json-sanitizer before version 1.2.1.
What is the CWE ID for CVE-2020-13973?
The CWE ID for CVE-2020-13973 is CWE-79.
Is there a fix available for CVE-2020-13973?
Yes, the fix for CVE-2020-13973 is to update to version 1.2.1 or later of OWASP json-sanitizer.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/owasp
- canonical/owasp java html sanitizer