CVE-2022-29577 – org.owasp.antisamy:antisamy

Package

Manager: maven
Name: org.owasp.antisamy:antisamy
Vulnerable Version: >=0 <1.6.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00217 pctl0.44253

Details

Cross-site Scripting in OWASP AntiSamy AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

Metadata

Created: 2022-04-23T00:03:04Z
Modified: 2022-05-04T03:59:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-vp37-2f9p-3vr3/GHSA-vp37-2f9p-3vr3.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-vp37-2f9p-3vr3
Finding: F008
Auto approve: 1