Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WebLogic Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-29577 - Vulnerability Database
WebLogic

WebLogic Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-29577

Medium
Reference: CVE-2022-29577
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-29577
Title: WebLogic Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.