OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling in STYLE content with crafted input. The output serializer does not properly encode content that is supposed to be Cascading Style Sheets (CSS), so HTML tags embedded in that content can reach the sanitized output unencoded. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
[
{
"id": "CVE-2022-29577-35016ed0",
"digest": {
"line_hashes": [
"237853444054347817364515222576269512625",
"336071599204640059636299145511392624895",
"165848317299205136683032698194184895651",
"339101229301899965439775818916251222622",
"285903785459194626705691651822174438162",
"231515759940691657940379650850759202754",
"224156990529132882235418766553590204221"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/test/java/org/owasp/validator/html/test/AntiSamyTest.java"
},
"source": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0",
"signature_version": "v1"
},
{
"id": "CVE-2022-29577-c912ad89",
"digest": {
"function_hash": "88131835901757964811327895062350049878",
"length": 1154.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "processStyleTag",
"file": "src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java"
},
"source": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0",
"signature_version": "v1"
},
{
"id": "CVE-2022-29577-ceaa121c",
"digest": {
"function_hash": "178410271232807830230245771871539052343",
"length": 846.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "testSmuggledTagsInStyleContent",
"file": "src/test/java/org/owasp/validator/html/test/AntiSamyTest.java"
},
"source": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0",
"signature_version": "v1"
},
{
"id": "CVE-2022-29577-ebd52f03",
"digest": {
"line_hashes": [
"306425877699336243915250815896124374480",
"82458634497388572929189339455064079514",
"297848842918691885350402407532356243068",
"32815047294793109378873259651076730840",
"273071617774659664431767839626169799535",
"76571751703142598865683490853200567324",
"70232678748025585381294938982190700985",
"328412688529917311588232321115420528786",
"183962489278164641071475429383934925912",
"162119904040012907656562718458671386819",
"186911322794562416845561872734106232305",
"45862128560471560943951069770339704902",
"182516468880197479286450933909066344778",
"131018505150293915404995959334332522954",
"317605331177973768631118161872046614930",
"289940291231881362563064475896495769032"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java"
},
"source": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0",
"signature_version": "v1"
}
]