CVE-2022-29577

{"id": "CVE-2022-29577", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-04-21T23:15:10.467", "references": [{"url": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.7", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.7", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367."}, {"lang": "es", "value": "OWASP AntiSamy versiones anteriores a 1.6.7, permite un ataque de tipo XSS por medio de contrabando de etiquetas HTML en contenido STYLE con entrada dise\u00f1ada. El serializador de salida no codifica correctamente el supuesto contenido de las hojas de estilo en cascada (CSS). NOTA: este problema se presenta debido a una correcci\u00f3n incompleta de CVE-2022-28367"}], "lastModified": "2024-11-21T06:59:20.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2700372-2AF6-4FD7-B284-2C32001E0153", "versionEndExcluding": "1.6.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}