CVE-2022-28367

MEDIUM

OWASP AntiSamy < 1.6.6 - Cross-Site Scripting via HTML Tag Smuggling in STYLE Content

Title source: llm

Description

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

References (2)

Core References
Patch, Release Notes, Third Party Advisory (x_refsource_misc)
https://github.com/nahsra/antisamy/releases/tag/v1.6.6

Scores

CVSS v3: 6.1
EPSS: 0.0020
EPSS Percentile: 42.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2):
antisamy_project/antisamy < 1.6.6
org.owasp.antisamy/antisamy 0 - 1.6.6 (Maven)
Published: Apr 21, 2022
Tracked Since: Feb 18, 2026