OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-21T22:42:14

Updated: 2024-08-03T05:56:14.935Z

Reserved: 2022-04-03T00:00:00

Link: CVE-2022-28367

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-21T23:15:10.427

Modified: 2024-11-21T06:57:13.410

Link: CVE-2022-28367

cve-icon Redhat

No data.