CVE-2022-28367

Опубликовано: 21 апр. 2022

Источник: debian

EPSS Низкий

Описание

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libowasp-antisamy-java	fixed	1.7.4-1		package
libowasp-antisamy-java	ignored		bookworm	package
libowasp-antisamy-java	no-dsa		bullseye	package
libowasp-antisamy-java	no-dsa		buster	package
libowasp-antisamy-java	no-dsa		stretch	package

Примечания

https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6)
Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)

EPSS

Процентиль: 45%

0.00223

Низкий

Связанные уязвимости

CVE-2022-28367

CVSS3: 6.1

ubuntu

почти 4 года назад

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

CVE-2022-28367

CVSS3: 6.1

nvd

почти 4 года назад

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

GHSA-3pqg-4rqg-pg9g

CVSS3: 6.1

github

почти 4 года назад

Cross-site Scripting in OWASP AntiSamy

EPSS

Процентиль: 45%

0.00223

Низкий