Description
Bypassing Sanitization using DOM clobbering in html-janitor
All versions of html-janitor are vulnerable to cross-site scripting (XSS).
Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.
Recommendation
Upgrade to version 2.0.4 or later.
Packages
Name
html-janitor
npm
Affected versions / Fixed version
None
Related vulnerabilities
CVSS3: 6.1
nvd
more than 7 years ago
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.