Описание
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (href) attribute in anchor tags (<a>), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | |
| upstream | not-affected | debian: Fixed before initial upload to the archive |
Показывать по
Ссылки на источники
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scr ...
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.
EPSS
6.1 Medium
CVSS3