exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2019-25225

5 месяцев назад

`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.

CVSS3: 6.1

EPSS: Низкий

CVE-2019-25225

5 месяцев назад

`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.

CVSS3: 6.1

EPSS: Низкий

CVE-2019-25225

5 месяцев назад

`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.

CVSS3: 6.1

EPSS: Низкий

CVE-2019-25225

5 месяцев назад

`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-sit ...

CVSS3: 6.1

EPSS: Низкий

GHSA-qhxp-v273-g94h

5 месяцев назад

sanitize-html is vulnerable to XSS through incomprehensive sanitization

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-25225 `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.	CVSS3: 6.1	0% Низкий	5 месяцев назад
CVE-2019-25225 `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.	CVSS3: 6.1	0% Низкий	5 месяцев назад
CVE-2019-25225 `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.	CVSS3: 6.1	0% Низкий	5 месяцев назад
CVE-2019-25225 `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-sit ...	CVSS3: 6.1	0% Низкий	5 месяцев назад
GHSA-qhxp-v273-g94h sanitize-html is vulnerable to XSS through incomprehensive sanitization	CVSS3: 6.1	0% Низкий	5 месяцев назад

Уязвимостей на страницу