vulnerability

Debian: CVE-2022-28367: libowasp-antisamy-java -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 21, 2022

Added

May 15, 2025

Modified

Mar 30, 2026

Description

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

Solution

no-fix-debian-deb-package

References

CVE-2022-28367
https://attackerkb.com/topics/CVE-2022-28367
CWE-79
EUVD-EUVD-2022-1609
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1609

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report