CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

Configurations

Configuration 1

cpe:2.3:a:antisamy_project:antisamy:*:*:*:*:*:*:*:*

Configuration 2

OR
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:59

Type | Values Removed | Values Added
References | () https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 - Patch | () https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 - Patch
References | () https://github.com/nahsra/antisamy/releases/tag/v1.6.7 - Release Notes | () https://github.com/nahsra/antisamy/releases/tag/v1.6.7 - Release Notes
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory

Information

Published : 2022-04-21 23:15

Updated : 2024-11-21 06:59


NVD link : CVE-2022-29577

Mitre link : CVE-2022-29577

CVE.ORG link : CVE-2022-29577


Products Affected

antisamy_project

  • antisamy

oracle

  • enterprise_manager_base_platform
  • weblogic_server

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')