CVE-2022-28367 Vulnerability in maven package org.owasp:antisamy

Description

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

Remediation

References

https://github.com/nahsra/antisamy/releases/tag/v1.6.6

https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae

Related Vulnerabilities

CVE-2021-25913 Vulnerability in npm package set-or-get

CVE-2021-40660 Vulnerability in maven package org.javadelight:delight-nashorn-sandbox

CVE-2023-31579 Vulnerability in maven package top.tangyh.basic:lamp-core

CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-core-common

CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:xmpbox

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N