Antisamy Security Vulnerabilities and Issues — Antisamy CVE List

Lucene search

Antisamy ProjectAntisamy

3 matches found

CVE•added 2022/04/21 11:15 p.m.•157 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (als...

7.5CVSS7.1AI score0.00295EPSS

CVE•added 2022/04/21 11:15 p.m.•136 views

CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

6.1CVSS6.1AI score0.00268EPSS

CVE•added 2022/04/21 11:15 p.m.•112 views

CVE-2022-28367

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

6.1CVSS5.7AI score0.00268EPSS