PT-2022-5409 · Owasp · Owasp Antisamy

Published: 2022-04-10 · Updated: 2023-02-23 · CVE-2022-29577

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

OWASP AntiSamy versions prior to 1.6.7

Description

The issue is related to the incorrect encoding of Cascading Style Sheets (CSS) content, allowing for HTML tag smuggling on STYLE content with crafted input. This can lead to cross-site scripting (XSS) attacks. The problem exists due to an incomplete fix for a previous issue.

Recommendations

For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of STYLE content to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-06725
CVE-2022-29577
GHSA-VP37-2F9P-3VR3

Affected Products

Owasp Antisamy