exploitDog

GHSA-hfj4-96f7-6r5g

Опубликовано: 09 нояб. 2018

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Cross-Site Scripting in html-janitor

Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS).

This is exploitable if user-controlled data is passed into the modules clean() function.

Recommendation

No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.

Ссылки

Пакеты

Наименование

html-janitor

npm

Затронутые версииВерсия исправления

< 2.0.3

2.0.3

EPSS

Процентиль: 44%

0.0022

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-0931

CVSS3: 6.1

nvd

больше 7 лет назад

html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.

EPSS

Процентиль: 44%

0.0022

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79