CVE-2022-28367 – org.owasp.antisamy:antisamy

Package

Manager: maven
Name: org.owasp.antisamy:antisamy
Vulnerable Version: >=0 <1.6.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00268 pctl0.50002

Details

Cross-site Scripting in OWASP AntiSamy OWASP AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

Metadata

Created: 2022-04-23T00:03:04Z
Modified: 2022-05-04T04:00:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-3pqg-4rqg-pg9g/GHSA-3pqg-4rqg-pg9g.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-3pqg-4rqg-pg9g
Finding: F008
Auto approve: 1