OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
References
Link | Resource |
---|---|
https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 | Patch |
https://github.com/nahsra/antisamy/releases/tag/v1.6.7 | Release Notes |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
23 Feb 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle enterprise Manager Base Platform
Oracle weblogic Server Oracle |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* |
25 Jul 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2022, 20:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Antisamy Project antisamy
Antisamy Project |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/nahsra/antisamy/releases/tag/v1.6.7 - Release Notes, Third Party Advisory |
21 Apr 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-21 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29577
Mitre link : CVE-2022-29577
CVE.ORG link : CVE-2022-29577
JSON object : View
Products Affected
oracle
- weblogic_server
- enterprise_manager_base_platform
antisamy_project
- antisamy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')