Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-29577 Vulnerability in maven package org.owasp:antisamy

Description

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

Remediation

References

https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0

https://github.com/nahsra/antisamy/releases/tag/v1.6.7

https://www.oracle.com/security-alerts/cpujul2022.html

Related Vulnerabilities

CVE-2021-41183 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2022-21169 Vulnerability in npm package express-xss-sanitizer

CVE-2021-21639 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2016-7051 Vulnerability in maven package com.fasterxml.jackson.dataformat:jackson-dataformat-xml

CVE-2022-2218 Vulnerability in npm package parse-url

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Release Notes Third Party Advisory