CVE-2022-29577

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29577

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29577.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29577

Aliases

GHSA-vp37-2f9p-3vr3

Related

UBUNTU-CVE-2022-29577

Published

2022-04-21T23:15:10Z

Modified

2024-08-01T07:19:29.537723Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

References

Affected packages

Git / github.com/nahsra/antisamy

Affected ranges

Type: GIT
Repo: https://github.com/nahsra/antisamy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

32e273507da0e964b58c50fd8a4c94c9d9363af0

Affected versions

1.*

1.6.3

v1.*

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.1

v1.6.2

v1.6.4

v1.6.5

v1.6.6

v1.6.6.1