Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.
[
{
"product": "sanitize-html node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<=1.11.1"
}
]
}
]