Описание
Cross-Site Scripting in bleach
All versions of bleach are vulnerable to Cross-Site Scripting. It is possible to bypass the package's HTML sanitization with payloads such as "<<script><</script>script>alert('xss');</<script><</script>script>" regardless of the passed options. This may allow attackers to execute arbitrary JavaScript in the victim's browser.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
bleach
npm
Затронутые версииВерсия исправления
>= 0.0.0
Отсутствует
Дефекты
CWE-79
Дефекты
CWE-79