ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the antisamy-esapi.xml configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.
2.1.0-2ubuntu0.1~esm12.1.0-3ubuntu0.18.04.1~esm12.1.0-3ubuntu0.20.04.1~esm12.2.3.1-1ubuntu0.1~esm1Exploitability
AV:NAC:LPR:NUI:RScope
S:CImpact
C:LI:LA:NCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N