WebLogic Other Vulnerability - CVE-2022-24891 - Vulnerability Database

Medium
Reference: CVE-2022-24891
Title: WebLogic Other Vulnerability
Overview:

ESAPI (The OWASP Enterprise Security API) is a free, open source web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the antisamy-esapi.xml configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.