Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.owasp.antisamy/antisamy@1.6.7

Type maven

Namespace org.owasp.antisamy

Name antisamy

Version 1.6.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.5.5

Latest_non_vulnerable_version 1.7.5

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-jrjz-gczc-9fhs

vulnerability_id VCID-jrjz-gczc-9fhs

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29577

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47727
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29577

reference_url	https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
reference_id
reference_type
scores
url	https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0

reference_url	https://github.com/nahsra/antisamy/releases/tag/v1.6.7
reference_id
reference_type
scores
url	https://github.com/nahsra/antisamy/releases/tag/v1.6.7

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29577
reference_id	CVE-2022-29577
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29577

reference_url	https://github.com/advisories/GHSA-vp37-2f9p-3vr3
reference_id	GHSA-vp37-2f9p-3vr3
reference_type
scores
url	https://github.com/advisories/GHSA-vp37-2f9p-3vr3

fixed_packages

url	pkg:maven/org.owasp.antisamy/antisamy@1.6.7
purl	pkg:maven/org.owasp.antisamy/antisamy@1.6.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.owasp.antisamy/antisamy@1.6.7

aliases CVE-2022-29577, GHSA-vp37-2f9p-3vr3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrjz-gczc-9fhs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.owasp.antisamy/antisamy@1.6.7

Package Instance