Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-29771: HtmlSanitizer is a client-side HTML sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package, if the code is specially crafted to abuse the code beautifier, which runs AFTER sanitization. The issue is patched in version 2.0.3. | | 0% Low | 11 months ago |
| GHSA-vhv4-fh94-jm5x: JS Html Sanitizer allows XSS when used with contentEditable | | 0% Low | 11 months ago |