Description
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
References
- Patch, Third Party Advisory
- Patch, Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.6.6 (exclusive)
cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*
EPSS: 0.00218 (Low), percentile: 44%
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
ubuntu
almost 4 years ago
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
CVSS3: 6.1
debian
almost 4 years ago
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...