CVE-2022-28367: XSS
First published: Thu Apr 21 2022(Updated: )
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Antisamy Project Antisamy | <1.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-28367?
CVE-2022-28367 is a vulnerability in OWASP AntiSamy before version 1.6.6.
How does CVE-2022-28367 work?
CVE-2022-28367 allows XSS attacks through HTML tag smuggling on STYLE content with crafted input.
What is the severity of CVE-2022-28367?
The severity of CVE-2022-28367 is medium with a CVSS score of 6.1.
How can I fix CVE-2022-28367?
To fix CVE-2022-28367, upgrade to OWASP AntiSamy version 1.6.6 or later.
What is CWE-79?
CWE-79 is a category for Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/antisamy project
- canonical/antisamy project antisamy