CVE-2017-16016

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.

Ссылки

https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
Patch
https://github.com/punkave/sanitize-html/issues/100
Exploit
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/154
Exploit
Third Party Advisory
https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
Patch
https://github.com/punkave/sanitize-html/issues/100
Exploit
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/154
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:punkave:sanitize-html:*:*:*:*:*:node.js:*:*

Версия до 1.11.1 (включая)

EPSS

Процентиль: 52%

0.00286

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-16016

CVSS3: 6.1

debian

больше 7 лет назад

Sanitize-html is a library for scrubbing html input of malicious value ...

GHSA-xc6g-ggrc-qq4r

github

около 7 лет назад

Cross-Site Scripting in sanitize-html