CVE-2022-28367Cross-site Scripting in Project Antisamy

CWE-79Cross-site Scripting7 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 55.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Antisamy Project Antisamy
Timeline
PublishedApr 21
Latest updateApr 23

Description

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

5
GHSA
Cross-site Scripting in OWASP AntiSamy2022-04-23
OSV
Cross-site Scripting in OWASP AntiSamy2022-04-23
GHSA
Cross-site Scripting in OWASP AntiSamy2022-04-23
CVEList
CVE-2022-28367: OWASP AntiSamy before 12022-04-21
OSV
CVE-2022-28367: OWASP AntiSamy before 12022-04-21

📋Vendor Advisories

1
Debian
CVE-2022-28367: libowasp-antisamy-java - OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content w...2022
CVE-2022-28367 — Cross-site Scripting | cvebase