org.jsoup:jsoup@1.14.3 vulnerabilities

  • latest version: 1.17.2

  • latest non vulnerable version

  • first published: 14 years ago

  • latest version published: 5 months ago

  • licenses detected

  • package manager

Direct Vulnerabilities

Known vulnerabilities in the org.jsoup:jsoup package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

org.jsoup:jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jQuery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of HTML that includes javascript: URL expressions. The issue applies if the non-default SafeList.preserveRelativeLinks option is enabled and no Content Security Policy is set on the website.

Note: Users who are upgrading to the fixed version should also clean old content again, because unsanitized input may have persisted.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jsoup:jsoup to version 1.15.3 or higher.

Vulnerable Version: [,1.15.3)
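
The note above about cleaning old content again after upgrading can be carried out as follows. This is an added example, not code from Snyk or the jsoup project; it assumes jsoup 1.15.3 or higher is on the classpath, and the base URL, the policy and the in-memory map standing in for the content store are all assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

public class RecleanStoredHtml {
    // Assumption: the site's own base URL. With preserveRelativeLinks enabled,
    // the cleaner needs it to resolve and validate relative links.
    static final String BASE_URI = "https://example.com/";

    // Assumption: the same policy the application applied when the content
    // was first stored, including the non-default option named in the advisory.
    static final Safelist POLICY = Safelist.basic().preserveRelativeLinks(true);

    // Run stored HTML through the cleaner again, now with the fixed library.
    static String reclean(String storedHtml) {
        return Jsoup.clean(storedHtml, BASE_URI, POLICY);
    }

    public static void main(String[] args) {
        // Constructed sample rows standing in for a table of user content
        // (id -> HTML as it was persisted by the older library version).
        Map<Integer, String> stored = new LinkedHashMap<>();
        stored.put(1, "<p>See <a href=\"/docs/intro\">the intro</a></p>");
        stored.put(2, "<p><a href=\"javascript:void(0)\">click</a></p>");

        for (Map.Entry<Integer, String> row : stored.entrySet()) {
            String cleaned = reclean(row.getValue());
            System.out.printf("id=%d%n  before: %s%n  after:  %s%n",
                    row.getKey(), row.getValue(), cleaned);
            // Write the re-cleaned value back so the old output is not served again.
            row.setValue(cleaned);
        }
    }
}
```

Re-cleaning every row, rather than only rows that look suspicious, avoids depending on a pattern match to find content the earlier version let through.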