CVE-2017-14735

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Date published : 2017-09-25

http://www.securityfocus.com/bid/105656

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html