CVE-2011-4457

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

Date published : 2011-11-17

http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457

http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html