Fluid Attacks Database

Description

Cross-site Scripting in OWASP AntiSamy OWASP AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libowasp-antisamy-java	>=0 <1.7.4-1	1.7.4-1
debian 12	libowasp-antisamy-java	=1.5.3+dfsg-1.1 \|\| =1.7.4-1	-
maven	org.owasp.antisamy:antisamy	>=0 <1.6.6	1.6.6
debian 13	libowasp-antisamy-java	>=0 <1.7.4-1	1.7.4-1
debian 11	libowasp-antisamy-java	=1.5.3+dfsg-1.1 \|\| =1.7.4-1	-

Aliases

1. CVE-2022-283672. NVD-2022-283673. OSV-DEBIAN-2022-283674. OSV-2022-283675. GCVE-2022-283676. SECURITY-TRACKER-CVE-2022-28367

References

1. https://github.com/shoucheng3/nahsra__antisamy_CVE-2022-28367_1-6-52. https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae3. https://github.com/nahsra/antisamy/releases/tag/v1.6.6