1. Home
  2. Vulnerabilities
  3. CVE-2022-29577

CVE-2022-29577

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.14 % (50th)
0.14% Progress
Affected Products 3
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-04-21 23:15:10
(2 years ago)
Updated Date
2023-02-23 18:47:00
(19 months ago)

Affected Products

Antisamy Project

Oracle

Configuration #1

    CPE23 From Up To
  Antisamy Project Antisamy prior 1.6.7 version cpe:2.3:a:antisamy_project:antisamy < 1.6.7

Configuration #2

    CPE23 From Up To
  Oracle Enterprise Manager Base Platform 13.4.0.0 cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0
  Oracle Enterprise Manager Base Platform 13.5.0.0 cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0
  Oracle Weblogic Server 12.2.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
  Oracle Weblogic Server 12.2.1.4.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0
  Oracle Weblogic Server 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0