CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

Linux Distros Unpatched Vulnerability : CVE-2022-29577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed...

GHSA-3PQG-4RQG-PG9G Cross-site Scripting in OWASP AntiSamy

OWASP AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS conten...

CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

CVE-2022-28367

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content...

Design/Logic Flaw

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

UBUNTU-CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

CVE-2022-28367

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content...

CVE-2022-29577

AntiSamy vulnerability CVE-2022-29577 affects AntiSamy before 1.6.7, allowing cross-site scripting via HTML/CSS content smuggling in STYLE content. The flaw stems from incomplete encoding in the output serializer for CSS/CSS-like input, enabling an attacker to execute script in the victim’s brows...

CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

CVE-2022-28367

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content...

CVE-2022-28367

CVE-2022-28367 affects the OWASP AntiSamy library (pre-1.6.6) and enables cross-site scripting by smuggling CSS (STYLE) content; the output serializer fails to properly encode CSS content. Multiple connected sources (Nessus, IBM advisories, GitHub GHSA entries) corroborate XSS via STYLE/CSS input...

PT-2022-5409 · Owasp · Owasp Antisamy

Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.7 Description: The issue is related to the incorrect encoding of Cascading Style Sheets CSS content, allowing for HTML tag smuggling on STYLE content with crafted input. This can lead to cross-site scripti...