Description
Cross-Site Scripting in sanitize-html
Affected versions of sanitize-html are vulnerable to cross-site scripting.
Proof of Concept:
<IMG SRC= onmouseover="alert('XSS');">
produces the following:
<img src="onmouseover="alert('XSS');"" />
This output is invalid HTML, and it shows where the parser goes wrong: the unquoted `SRC=` value swallows the whole of `onmouseover="alert('XSS');"`, and that value is then written back between double quotes without its own double quotes being escaped. A sanitizer that re-serializes attribute values this way lets an attacker close the attribute early and smuggle in attributes, including event handlers, that the attribute allow-list was meant to strip.
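The failure mode above, as an added example that is not sanitize-html's own code: a toy attribute tokenizer, allow-list filter and serializer that reproduce the page's output for the proof-of-concept payload and, going beyond that payload, show a constructed single-quoted input whose embedded double quote breaks out of the re-serialized `src` attribute unless the value is escaped on output. The function names (`escapeAttr`, `parseAttrs`, `serializeTag`, `sanitizeImg`), the allow-list and both inputs are assumptions made for this demonstration.

```javascript
// Added example, not sanitize-html's code. Shows why filtering attributes
// is not enough if their values are re-serialized without escaping quotes.

// Escape a value for safe placement inside a double-quoted attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Serialize one self-closing tag from an attribute map.
// escape=false reproduces the vulnerable behaviour (raw value between quotes).
function serializeTag(tagName, attrs, escape) {
  const parts = Object.entries(attrs).map(
    ([name, value]) => `${name}="${escape ? escapeAttr(value) : value}"`
  );
  return `<${tagName}${parts.length ? ' ' + parts.join(' ') : ''} />`;
}

// Minimal browser-like tokenizer for the attributes of a single start tag.
// Quoted values end at the matching quote; an unquoted value runs to the
// next whitespace or ">", so a stray '"' becomes part of the value, which is
// exactly what happens to the page's `SRC= onmouseover=...` payload.
// Entities are not decoded (assumption: enough to show the break-out).
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<[^\s\/>]+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    if (!(name in attrs)) attrs[name] = value; // first occurrence wins
  }
  return attrs;
}

// Simulated sanitizer: parse the input tag, keep only allow-listed
// attributes, then re-serialize with or without output escaping.
function sanitizeImg(input, escape) {
  const allowed = ['src', 'alt']; // assumed allow-list
  const parsed = parseAttrs(input);
  const kept = {};
  for (const name of allowed) {
    if (name in parsed) kept[name] = parsed[name];
  }
  return serializeTag('img', kept, escape);
}

// Constructed inputs: the page's proof of concept, plus a payload that
// hides a double quote inside a single-quoted value.
const POC = `<IMG SRC= onmouseover="alert('XSS');">`;
const BREAKOUT = `<img src='x" onmouseover="alert(1)'>`;

function demo() {
  const vulnerable = sanitizeImg(BREAKOUT, false);
  const hardened = sanitizeImg(BREAKOUT, true);
  return {
    pocOutput: sanitizeImg(POC, false),
    vulnerable,
    // does a browser-like re-parse of the output see an event handler?
    vulnerableHasHandler: 'onmouseover' in parseAttrs(vulnerable),
    hardened,
    hardenedHasHandler: 'onmouseover' in parseAttrs(hardened),
  };
}

console.log(demo());
```

Re-parsing the sanitizer's own output with the same tokenizer is the check worth keeping in a test suite: an allow-list that passes on the parsed tree but fails on the serialized string is exactly the gap this advisory describes.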
Recommendation
Update to version 1.2.3 or later.
Packages
Name: sanitize-html (npm)
Affected versions: < 1.2.3
Fixed version: 1.2.3
Related vulnerabilities
CVSS3: 6.1
nvd
more than 7 years ago
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross-site scripting vulnerability.
CVSS3: 6.1
debian
more than 7 years ago
sanitize-html is a library for scrubbing html input for malicious valu ...